Haosheng Wang

**Name of the Vulnerable Software and Affected Versions** Hyperledger Fabric versions prior to 2.4.6 **Description** Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer, it may crash the peer node. The issue is resolved by checking for the malformed gateway request and returning an error to the gateway client. **Recommendations** For versions prior to 2.4.6, upgrade to version 2.4.6 to resolve the issue. As a temporary workaround, consider restricting access to the gateway peer to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Hyperledger Fabric versions prior to 2.2.7 Hyperledger Fabric versions prior to 2.4.5 **Description** Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions, if a consensus client sends a malformed consensus request to an orderer, it may crash the orderer node. A fix has been added which checks for missing consensus messages and returns an error to the consensus client should the message be missing. **Recommendations** To resolve the issue, upgrade to version 2.2.7 or v2.4.5. As there are no known workarounds for this issue, users must upgrade to the specified versions to mitigate the risk.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 62.0.3202.62 Opera (affected versions not specified) **Description** The issue is related to insufficient policy enforcement in the Omnibox, allowing a remote attacker to perform domain spoofing via IDN homographs in a crafted domain name. This can lead to potential security risks. **Recommendations** For Google Chrome versions prior to 62.0.3202.62, update to version 62.0.3202.62 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 53 Description: The issue involves a mechanism to spoof the Firefox for Android address bar using a "javascript:" URI. This occurs because the base domain is parsed incorrectly on Firefox for Android, resulting in the location appearing less visibly as a spoofed site and displaying an incorrect domain in appended notifications. Recommendations: For versions prior to 53, update to version 53 or later to resolve the issue.