CVE-2021-43669

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in go/github.com/hyperledger/fabric

Identifiers

CVE-2021-43669

Package Slug

go/github.com/hyperledger/fabric

Vulnerability

Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Description

A vulnerability has been detected in HyperLedger Fabric. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric.

Affected Versions

Version 1.4.0, all versions starting from 2.0.0 up to 2.0.1, version 2.3.0

Solution

Upgrade to version 2.3.3 or above.

Last Modified

2021-11-24

source