Browse all 4 CVE security advisories affecting input-output-hk. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Input-output-hk develops blockchain infrastructure and smart contract platforms, primarily serving decentralized finance applications. Historically, their products have been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and insecure default configurations. While no major public security incidents have been documented, their four recorded CVEs highlight recurring issues in access control and cryptographic implementation. The organization's security posture appears focused on reactive patching rather than proactive security-by-design approaches, with vulnerabilities typically discovered through external research rather than internal testing programs.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-42449 | Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits | hydra | CWE-20 | 8.1 | High | 2023-10-04 |
| CVE-2023-42448 | Hydra's contestation period in head datum can be modified during Close transaction, allowing malicious participant to freely modify the contestation deadline | hydra | CWE-20 | 8.1 | High | 2023-10-04 |
| CVE-2023-38701 | Hydra's committed UTxOs at Commit validator and UTxOs at Initial validator can be spent arbitrarily by anyone | hydra | CWE-20 | 9.1 | Critical | 2023-10-04 |
| CVE-2023-42806 | Snapshot signature not including HeadID will allow replay attacks | hydra | CWE-347 | 6.5 | Medium | 2023-09-21 |