An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwMnAtcDhtZy14M2N3

Moderate EPSS: 0.00232% (0.4601 Percentile)

Insight API transaction broadcast endpoint can result in Full Path Disclosure

Affected package: npm:insight-api
PURL: pkg:npm/insight-api
Affected versions: <= 5.0.0
Fixed versions: No known fixed version
24 Dependent packages
17 Dependent repositories
501 Downloads last month

Affected Version Ranges

All affected versions

0.0.0, 0.3.0, 0.3.1, 0.3.2, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 5.0.0-beta.1, 5.0.0-beta.2, 5.0.0-beta.3, 5.0.0-beta.4, 5.0.0-beta.5, 5.0.0-beta.6, 5.0.0-beta.11, 5.0.0-beta.12, 5.0.0-beta.13, 5.0.0-beta.14, 5.0.0-beta.15, 5.0.0-beta.16, 5.0.0-beta.17, 5.0.0-beta.18, 5.0.0-beta.19, 5.0.0-beta.20, 5.0.0-beta.21, 5.0.0-beta.22, 5.0.0-beta.23, 5.0.0-beta.24, 5.0.0-beta.25, 5.0.0-beta.26, 5.0.0-beta.27, 5.0.0-beta.28, 5.0.0-beta.29, 5.0.0-beta.30, 5.0.0-beta.31, 5.0.0-beta.32, 5.0.0-beta.33, 5.0.0-beta.34, 5.0.0-beta.35, 5.0.0-beta.36, 5.0.0-beta.37, 5.0.0-beta.38, 5.0.0-beta.39, 5.0.0-beta.40, 5.0.0-beta.41, 5.0.0-beta.42, 5.0.0-beta.43, 5.0.0-beta.44

Bitpay/insight-api: insight-api version 5.0.0 and earlier contains a CWE-20 input validation vulnerability in the transaction broadcast endpoint that can result in Full Path Disclosure. This attack appears to be exploitable via a web request.
