CVE-2023-50475

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

Malicious code in bcoin-full (npm)

This package exfils sensitive data to a attacker-controlled domain via index.js. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 461f982127682ae24a143dec087c7d0d27c8c37ec4f549d4037e996508f66981 Any computer that has this package installed or running should be...

bsock uses weak hashing algorithms

An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

GHSA-JJ93-39PF-7MCF bsock uses weak hashing algorithms

An issue was discovered in the bsock component of bcoin-org bcoin that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

CVE-2023-50475

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

CVE-2023-50475

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

Information disclosure

An issue was discovered in bcoin-org bcoin version 2.2.0, allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js...

CVE-2023-50475

CVE-2023-50475 affects bcoin-org/bcoin v2.2.0 in the bsock component, via the vendor\faye-websocket.js allowing remote attackers to disclose sensitive information by using weak hashing algorithms (e.g., MD5/SHA1). The Red Hat/Veracode/OSV reports corroborate a weakness in the websocket hashing us...

PT-2023-31575 · Bcoin +1 · Bcoin +1

Name of the Vulnerable Software and Affected Versions: bcoin versions 2.2.0 Description: An issue was discovered that allows remote attackers to obtain sensitive information via weak hashing algorithms in the component vendorfaye-websocket.js. This issue affects the bsock component...

Bcoin Security Breach

Bcoin is an alternative implementation of the Bitcoin protocol open-sourced by Bcoin. A security vulnerability exists in Bcoin version 2.2.0, which stems from a vulnerability that allows remote attackers to obtain sensitive information via a weak hash algorithm in the component...

MAL-2022-1480 Malicious code in bcoin-mongo-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b87b09d27793d80c018b01839a3055f8291ea7e7399a2986a040821aa9f141dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bcoin-mongo-api (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b87b09d27793d80c018b01839a3055f8291ea7e7399a2986a040821aa9f141dd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in bcoin-mongo-models (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60b502cd2230d7460f774b28808ee0919a97069cc001cd8dc7465a3a0f8ba937 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-1481 Malicious code in bcoin-mongo-models (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60b502cd2230d7460f774b28808ee0919a97069cc001cd8dc7465a3a0f8ba937 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Denial Of Service (DoS)

bcoin is vulnerable to denial of service DoS. Lack of proper handling of a large number of inventory inv messages and items allows an attacker to send multiple transaction of inv messages with random hashes to cause an uncontrolled resource consumption and out-of-memory OOM...

bcash-instadump (>=0.3.3 <=0.4.0), bcoin-stratum (=0.0.1) +3 more potentially affected by CVE-2018-17145 via bcoin (>=0.10.0 <=1.0.0-beta.14)

bcoin NPM version =0.10.0, =0.3.3, =0.1.0, =1.0.0, =2.1.1 - ihan =0.4.0 Source cves: CVE-2018-17145 Source advisory: OSV:GHSA-HX3R-JV9Q-85JW...