x/vulndb: potential Go vuln in github.com/hyperledger/fabric: GHSA-48gg-32q2-4r6m #3099

GoVulnBot · 2024-08-26T15:01:16Z

Advisory GHSA-48gg-32q2-4r6m references a vulnerability in the following Go modules:

Module
github.com/hyperledger/fabric

Description:
Hyperledger Fabric through 2.5.9 does not verify that a request has a timestamp within the expected time window.

References:

ADVISORY: GHSA-48gg-32q2-4r6m
ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-45244
FIX: hyperledger/fabric@155457a

Cross references:

github.com/hyperledger/fabric appears in 7 other report(s):
- data/excluded/GO-2022-0266.yaml (x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2021-43667 #266) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0267.yaml (x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2021-43669 #267) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0506.yaml (x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2022-31121 #506) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-0949.yaml (x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2022-36023 #949) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1018.yaml (x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2022-35253 #1018) EFFECTIVELY_PRIVATE
- data/excluded/GO-2022-1109.yaml (x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2022-45196 #1109) EFFECTIVELY_PRIVATE
- data/excluded/GO-2023-2339.yaml (x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2023-46132 #2339) EFFECTIVELY_PRIVATE

See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/hyperledger/fabric
      vulnerable_at: 1.4.12
summary: |-
    Hyperledger Fabric does not verify request has a timestamp within the expected
    time window in github.com/hyperledger/fabric
cves:
    - CVE-2024-45244
ghsas:
    - GHSA-48gg-32q2-4r6m
references:
    - advisory: https://github.com/advisories/GHSA-48gg-32q2-4r6m
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45244
    - fix: https://github.com/hyperledger/fabric/commit/155457a6624b3c74b22e5729c35c8499bfe952cd
source:
    id: GHSA-48gg-32q2-4r6m
    created: 2024-08-26T15:01:16.059080288Z
review_status: UNREVIEWED

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-08-30T16:04:04Z

Change https://go.dev/cl/609141 mentions this issue: data/reports: add 21 unreviewed reports

tatianab added the triaged label Aug 30, 2024

gopherbot closed this as completed in fe86cd7 Aug 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/hyperledger/fabric: GHSA-48gg-32q2-4r6m #3099

x/vulndb: potential Go vuln in github.com/hyperledger/fabric: GHSA-48gg-32q2-4r6m #3099

GoVulnBot commented Aug 26, 2024

gopherbot commented Aug 30, 2024

x/vulndb: potential Go vuln in github.com/hyperledger/fabric: GHSA-48gg-32q2-4r6m #3099

x/vulndb: potential Go vuln in github.com/hyperledger/fabric: GHSA-48gg-32q2-4r6m #3099

Comments

GoVulnBot commented Aug 26, 2024

gopherbot commented Aug 30, 2024