CVE-2024-34694: LNbits improperly handles potential network and payment failures when using Eclair backend

June 17, 2024

Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight.

References

github.com/advisories/GHSA-3j4h-h3fp-vwww
github.com/lnbits/lnbits
github.com/lnbits/lnbits/security/advisories/GHSA-3j4h-h3fp-vwww
nvd.nist.gov/vuln/detail/CVE-2024-34694

Detect and mitigate CVE-2024-34694 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →