A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric.
References
Link | Resource |
---|---|
https://jira.hyperledger.org/browse/FAB-18528 | Vendor Advisory |
https://github.com/hyperledger/fabric/pull/2828 | Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2021-11-18 08:15
Updated : 2021-11-23 09:12
NVD link : CVE-2021-43669
Mitre link : CVE-2021-43669
JSON object : View
CWE
CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')
Products Affected
linuxfoundation
- fabric