Improper Input Validation

Affecting insight-api package, ALL versions


Overview

insight-api is a Bitcoin blockchain REST and web socket API service for Bitcore Node.

Affected versions of this package are vulnerable to Improper Input Validation in the transaction broadcast endpoint, which can result in Full Path Disclosure. This attack appears to be exploitable via a web request.

Remediation

There is no fixed version for insight-api.

CVSS Score

5.3 (medium severity)

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

  • Credit: Unknown
  • CVE: CVE-2018-1000023
  • CWE: CWE-20
  • Snyk ID: npm:insight-api:20180209
  • Disclosed: 09 Feb, 2018
  • Published: 27 Mar, 2018