CWE-20: Full Path Disclosure Vulnerability in Bitpay/insight-api Transaction Broadcast Endpoint

CWE-20: Full Path Disclosure Vulnerability in Bitpay/insight-api Transaction Broadcast Endpoint

CVE-2018-1000023 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.

Learn more about our Web App Pen Testing.