GHSA-qv97-5qr8-2266: Mithril snapshots for Cardano database could be compromised by an adversary

Inconsistencies could be introduced into a tampered ledger state distributed through Mithril snapshots, either by an unknown source or by a compromised IOG-operated aggregator. These inconsistencies would not be immediately detected by Cardano nodes started with such snapshots, potentially enabling long-range attacks that might not be corrected by honest nodes, even if they sync from genesis. Currently, a Mithril network has only one aggregator, which serves snapshots from a secure cloud location operated by IOG and is therefore assumed to be trustworthy. In the future, as Mithril networks become more decentralized, multiple aggregators will operate independently. This increased decentralization could raise the risk of a malicious aggregator distributing a tampered ledger state.