CWE-20: Full Path Disclosure Vulnerability in Bitpay/insight-api Transaction Broadcast Endpoint
CVE-2018-1000023 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.
Learn more about our Web App Pen Testing.