CVE-2018-1000023: Improper Input Validation

March 5, 2018 (updated September 7, 2021)

Bitpay/insight-api Insight-api contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.

References

github.com/advisories/GHSA-8p2p-p8mg-x3cw
github.com/bitpay/insight-api/issues/542
nvd.nist.gov/vuln/detail/CVE-2018-1000023

Detect and mitigate CVE-2018-1000023 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →