Description
Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a CWE-20: input validation vulnerability in transaction broadcast endpoint that can result in Full Path Disclosure. This attack appear to be exploitable via Web request.
Remediation
References
https://github.com/bitpay/insight-api/issues/542
Related Vulnerabilities
CVE-2020-36640 Vulnerability in maven package org.bonitasoft.connectors:bonita-connector-webservice
CVE-2020-19850 Vulnerability in npm package directus
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core
CVE-2021-21266 Vulnerability in maven package org.openhab.addons.bundles:org.openhab.transform.xpath