Lucene search

Veracode Vulnerability DatabaseVERACODE:47563

HistoryJun 17, 2024 - 5:52 a.m.

Improper Check For Unusual Or Exceptional Conditions

2024-06-1705:52:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

lnbits

vulnerability

blocking api call

timeout

payment

settlement

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

lnbits is vulnerable to Improper Check For Unusual Or Exceptional Conditions. The vulnerability is due to the blocking API call which leads to a timeout if a payment is not settled within 30 seconds.

References

github.com/lnbits/lnbits/commit/8d3b156738f5d957bed2207084f0db2ce289642c

github.com/lnbits/lnbits/security/advisories/GHSA-3j4h-h3fp-vwww

CVSS3

8.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

AI Score

6.7

Confidence

High

EPSS

Percentile

9.0%

JSON

Related for VERACODE:47563