indy-node@1.12.4rc1 vulnerabilities
Indy node
-
latest version
1.13.2.dev1715361505
-
first published
7 years ago
-
latest version published
21 days ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the indy-node package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
indy-node is a package that implements server portion of a distributed ledger purpose-built for decentralized identity. Affected versions of this package are vulnerable to Denial of Service (DoS) when an attacker maxes out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose. How to fix Denial of Service (DoS)? A fix was pushed into the |
[0,)
|
indy-node is a package that implements server portion of a distributed ledger purpose-built for decentralized identity. Affected versions of this package are vulnerable to Arbitrary Code Execution via the How to fix Arbitrary Code Execution? Upgrade |
[,1.12.5)
|
indy-node is a package that implements server portion of a distributed ledger purpose-built for decentralized identity. Affected versions of this package are vulnerable to Authorization Bypass. There is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because:
How to fix Authorization Bypass? Upgrade |
[0,1.12.4)
|