Описание
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.
Пакеты
Наименование
insight-api
npm
Затронутые версииВерсия исправления
<= 5.0.0
Отсутствует
Связанные уязвимости
CVSS3: 5.3
nvd
почти 8 лет назад
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.