github.com/hyperledger/fabric (Go) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Go package github.com/hyperledger/fabric, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2021-43669 — CVSS 7.5 (high): A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the…
CVE-2022-31121 — CVSS 7.5 (high): Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus…
CVE-2021-43667 — CVSS 7.5 (high): A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose…
CVE-2023-46132 — CVSS 7.1 (high): Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called…
CVE-2022-36023 — CVSS 7.0 (high): Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway…
CVE-2024-45244 — CVSS 5.3 (medium): Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.
CVE-2022-35253: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any…