Package Instance
Look up vulnerable packages by Package URL (purl).
GET /api/packages/59004?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/59004?format=api", "purl": "pkg:pypi/indy-node@1.8.0.dev977", "type": "pypi", "namespace": "", "name": "indy-node", "version": "1.8.0.dev977", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.13.0.dev2", "latest_non_vulnerable_version": "1.13.0.dev2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167301?format=api", "vulnerability_id": "VCID-6u99-aw1g-kbd7", "summary": "indy-node is the server portion of Hyperledger Indy, a distributed ledger purpose-built for decentralized identity. In vulnerable versions of indy-node, an attacker can max out the number of client connections allowed by the ledger, leaving the ledger unable to be used for its intended purpose. However, the ledger content will not be impacted and the ledger will resume functioning after the attack. This attack exploits the trade-off between resilience and availability. Any protection against abusive client connections will also prevent the network being accessed by certain legitimate users. As a result, validator nodes must tune their firewall rules to ensure the right trade-off for their network's expected users. The guidance to network operators for the use of firewall rules in the deployment of Indy networks has been modified to better protect against denial of service attacks by increasing the cost and complexity in mounting such attacks. The mitigation for this vulnerability is not in the Hyperledger Indy code per se, but rather in the individual deployments of Indy. 
The mitigations should be applied to all deployments of Indy, and are not related to a particular release.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00594", "scoring_system": "epss", "scoring_elements": "0.69778", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31006" }, { "reference_url": "https://github.com/hyperledger/indy-node", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node" }, { "reference_url": "https://github.com/hyperledger/indy-node/commits/v1.13.2-rc2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node/commits/v1.13.2-rc2" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2022-270.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2022-270.yaml" }, { "reference_url": "https://github.com/hyperledger/indy-node/commit/53a2a1bf1a26cb8ba710fd6adc8bcf275186a4b3", "reference_id": "53a2a1bf1a26cb8ba710fd6adc8bcf275186a4b3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:41Z/" } ], "url": "https://github.com/hyperledger/indy-node/commit/53a2a1bf1a26cb8ba710fd6adc8bcf275186a4b3" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31006", "reference_id": "CVE-2022-31006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31006" }, { "reference_url": "https://github.com/advisories/GHSA-x996-7qh9-7ff7", "reference_id": "GHSA-x996-7qh9-7ff7", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-x996-7qh9-7ff7" }, { "reference_url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-x996-7qh9-7ff7", "reference_id": "GHSA-x996-7qh9-7ff7", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:51:41Z/" } ], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-x996-7qh9-7ff7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/71697?format=api", "purl": "pkg:pypi/indy-node@1.13.0.dev2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/indy-node@1.13.0.dev2" } ], "aliases": [ "CVE-2022-31006", "GHSA-x996-7qh9-7ff7", "PYSEC-2022-270" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6u99-aw1g-kbd7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/212219?format=api", "vulnerability_id": "VCID-9a6b-gqdc-2ybj", "summary": "Hyperledger Indy's update process of a DID does not check who signs the request", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11093", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36949", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11093" }, { "reference_url": "https://github.com/hyperledger/indy-node", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node" }, { "reference_url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1124", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1124" }, { "reference_url": 
"https://github.com/hyperledger/indy-node/blob/master/docs/source/auth_rules.md", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node/blob/master/docs/source/auth_rules.md" }, { "reference_url": "https://github.com/hyperledger/indy-node/commit/55056f22c83b7c3520488b615e1577e0f895d75a", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node/commit/55056f22c83b7c3520488b615e1577e0f895d75a" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2020-48.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2020-48.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11093", "reference_id": "CVE-2020-11093", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11093" }, { "reference_url": "https://github.com/advisories/GHSA-wh2w-39f4-rpv2", "reference_id": "GHSA-wh2w-39f4-rpv2", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wh2w-39f4-rpv2" }, { "reference_url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-wh2w-39f4-rpv2", "reference_id": "GHSA-wh2w-39f4-rpv2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-wh2w-39f4-rpv2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/33187?format=api", "purl": "pkg:pypi/indy-node@1.12.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6u99-aw1g-kbd7" }, { "vulnerability": "VCID-rm6d-yc9t-u7c6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indy-node@1.12.4" } ], "aliases": [ "CVE-2020-11093", "GHSA-wh2w-39f4-rpv2", "PYSEC-2020-48" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9a6b-gqdc-2ybj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/167200?format=api", 
"vulnerability_id": "VCID-rm6d-yc9t-u7c6", "summary": "Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In versions 1.12.4 and prior, the `pool-upgrade` request handler in Indy-Node allows an improperly authenticated attacker to remotely execute code on nodes within the network. The `pool-upgrade` request handler in Indy-Node 1.12.5 has been updated to properly authenticate pool-upgrade transactions before any processing is performed by the request handler. The transactions are further sanitized to prevent remote code execution. As a workaround, endorsers should not create DIDs for untrusted users. A vulnerable ledger should configure `auth_rules` to prevent new DIDs from being written to the ledger until the network can be upgraded.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01579", "scoring_system": "epss", "scoring_elements": "0.81984", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31020" }, { "reference_url": "https://github.com/hyperledger/indy-node", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2022-265.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2022-265.yaml" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31020", "reference_id": "CVE-2022-31020", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-31020" }, { "reference_url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5", "reference_id": "fe507474f77084faef4539101e2bbb4d508a97f5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:58Z/" } ], "url": "https://github.com/hyperledger/indy-node/commit/fe507474f77084faef4539101e2bbb4d508a97f5" }, { "reference_url": "https://github.com/advisories/GHSA-r6v9-p59m-gj2p", "reference_id": "GHSA-r6v9-p59m-gj2p", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-r6v9-p59m-gj2p" }, { "reference_url": 
"https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p", "reference_id": "GHSA-r6v9-p59m-gj2p", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:58Z/" } ], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-r6v9-p59m-gj2p" }, { "reference_url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5", "reference_id": "v1.12.5", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T15:49:58Z/" } ], "url": "https://github.com/hyperledger/indy-node/releases/tag/v1.12.5" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/26103?format=api", "purl": "pkg:pypi/indy-node@1.12.5rc1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6u99-aw1g-kbd7" } ], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:pypi/indy-node@1.12.5rc1" } ], "aliases": [ "CVE-2022-31020", "GHSA-r6v9-p59m-gj2p", "PYSEC-2022-265" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rm6d-yc9t-u7c6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/204918?format=api", "vulnerability_id": "VCID-vppt-yg65-xbew", "summary": "Uncontrolled Resource Consumption in Indy Node", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11090", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00408", "scoring_system": "epss", "scoring_elements": "0.61616", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11090" }, { "reference_url": "https://github.com/hyperledger/indy-node", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node" }, { "reference_url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123" }, { "reference_url": 
"https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2020-47.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/indy-node/PYSEC-2020-47.yaml" }, { "reference_url": "https://pypi.org/project/indy-node/1.12.3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pypi.org/project/indy-node/1.12.3" }, { "reference_url": "https://pypi.org/project/indy-node/1.12.3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://pypi.org/project/indy-node/1.12.3/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11090", "reference_id": "CVE-2020-11090", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11090" }, { "reference_url": "https://github.com/advisories/GHSA-3gw4-m5w7-v89c", "reference_id": "GHSA-3gw4-m5w7-v89c", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": 
"cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-3gw4-m5w7-v89c" }, { "reference_url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c", "reference_id": "GHSA-3gw4-m5w7-v89c", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/16624?format=api", "purl": "pkg:pypi/indy-node@1.12.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6u99-aw1g-kbd7" }, { "vulnerability": "VCID-9a6b-gqdc-2ybj" }, { "vulnerability": "VCID-rm6d-yc9t-u7c6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indy-node@1.12.3" } ], "aliases": [ "CVE-2020-11090", "GHSA-3gw4-m5w7-v89c", "PYSEC-2020-47" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vppt-yg65-xbew" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:pypi/indy-node@1.8.0.dev977" }