[Security] Full Path Disclosure #542
Comments
This is probably due to a non

We should have a way to set the

It is applicable to almost all insight-api's available online atm.

Do you plan to address this vulnerability?
Sending unexpected* data to broadcast endpoint /insight-api/tx/send results in an error message which contains the path of the node app.

Full Path Disclosure Vulnerability

Example Code:

examples:

/mnt/data/ssd/satoshilabs/bitcore-bcc/bitcore/node_modules/bitcoind-rpc/lib/index.js
/home/bitprim/mynode/node_modules/bitcore-node/node_modules/bitcoind-rpc/lib/index.js

It seems that all other deployments of insight have this vulnerability.
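
One way to keep filesystem paths out of API error responses like the one reported above, as an added example (not insight-api or bitcore code). `redactPaths` and `toClientError` are hypothetical names, and the sample error is constructed from one of the paths in the report:

```javascript
// Added example; redactPaths and toClientError are hypothetical names.

// Absolute POSIX or Windows-drive paths with at least one directory
// component, plus an optional :line:column suffix as seen in stack frames.
const ABS_PATH = /(?:[A-Za-z]:\\|\/)(?:[\w.@~+-]+[\\/])+[\w.@~+-]*(?::\d+){0,2}/g;

function redactPaths(text) {
  return String(text).replace(ABS_PATH, '[path]');
}

// Split one error into a server-side log record (full detail) and a
// client-facing response (no stack, no filesystem paths).
function toClientError(err, log = console.error) {
  // Correlation id for matching a user report to the log line; not a secret.
  const id = Date.now().toString(36) + Math.random().toString(36).slice(2, 8);
  const e = err instanceof Error ? err : new Error(String(err));
  log(JSON.stringify({ id, message: e.message, stack: e.stack }));

  // Only errors explicitly marked as client errors keep their message,
  // and even then it is redacted; everything else becomes a generic 500.
  const isClient = Number.isInteger(e.status) && e.status >= 400 && e.status < 500;
  return {
    status: isClient ? e.status : 500,
    body: { error: isClient ? redactPaths(e.message) : 'Internal error', id },
  };
}

// Constructed sample: a message embedding one of the paths from the report.
const sampleError = Object.assign(
  new Error('tx decode failed at /mnt/data/ssd/satoshilabs/bitcore-bcc/bitcore/' +
            'node_modules/bitcoind-rpc/lib/index.js:10:5'),
  { status: 400 }
);
```

The full message and stack still reach the server log under the returned `id`, so operators lose no diagnostic detail when the response body is reduced.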