Description
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.
Remediation
References
https://github.com/bitpay/insight-api/issues/542
Related Vulnerabilities
CVE-2023-34092 Vulnerability in maven package org.webjars.npm:vite
CVE-2023-29566 Vulnerability in npm package dawnsparks-node-tesseract
CVE-2021-23566 Vulnerability in npm package nanoid
CVE-2023-30515 Vulnerability in maven package io.jenkins.plugins:thycotic-devops-secrets-vault
CVE-2020-7713 Vulnerability in npm package arr-flatten-unflatten