A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric.
References
Link | Resource |
---|---|
https://github.com/hyperledger/fabric/pull/2828 | Patch Third Party Advisory |
https://jira.hyperledger.org/browse/FAB-18528 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
23 Nov 2021, 17:12
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-444 | |
References | (MISC) https://github.com/hyperledger/fabric/pull/2828 - Patch, Third Party Advisory | |
References | (MISC) https://jira.hyperledger.org/browse/FAB-18528 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CPE | cpe:2.3:a:linuxfoundation:fabric:2.0.0:*:*:*:*:*:*:* cpe:2.3:a:linuxfoundation:fabric:1.4.0:*:*:*:*:*:*:* cpe:2.3:a:linuxfoundation:fabric:2.0.1:*:*:*:*:*:*:* cpe:2.3:a:linuxfoundation:fabric:2.3.0:*:*:*:*:*:*:* |
18 Nov 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-11-18 16:15
Updated : 2024-02-04 22:08
NVD link : CVE-2021-43669
Mitre link : CVE-2021-43669
CVE.ORG link : CVE-2021-43669
JSON object : View
Products Affected
linuxfoundation
- fabric
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')