{"id":"PYSEC-2018-150","details":"Hyperledger Iroha versions v1.0_beta and v1.0.0_beta-1 are vulnerable to transaction and block signature verification bypass in the transaction and block validator allowing a single node to sign a transaction and/or block multiple times, each with a random nonce, and have other validating nodes accept them as separate valid signatures.","modified":"2024-11-21T14:22:52.162008Z","published":"2018-06-01T19:29:00Z","withdrawn":"2024-11-22T04:37:04Z","references":[{"type":"WEB","url":"https://github.com/hyperledger/iroha/releases/tag/v1.0.0_beta-2"}],"affected":[{"package":{"name":"iroha","ecosystem":"PyPI","purl":"pkg:pypi/iroha"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["0.0.1","0.0.2","0.0.5.1","0.0.5.2","0.0.5.3","0.0.5.4","0.0.5.5","0.0.5.dev1","1.0.0","1.4.1","1.4.1.1","1.6.0.1","1.6.0.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/iroha/PYSEC-2018-150.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}