CVE-2019-16752

Published: Dec 4, 2019Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0.

Affected (3)

Products: Dash: Dash Core · Officialdapscoin: Decentralized Anonymous Payment System · Pivx: Private Instant Verified Transactions

Dash

1 product

Dash Core

Officialdapscoin

1 product

Decentralized Anonymous Payment System

Pivx

1 product

Private Instant Verified Transactions

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Dash Dash Core	Up to 0.14.0.3
Officialdapscoin Decentralized Anonymous Payment System	Up to 2019-08-26
Pivx Private Instant Verified Transactions	Up to 3.4.0

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf

Source: cve@mitre.org

Vendor Advisory

https://officialdapscoin.com/wp-content/uploads/2019/09/DAPS-Coin-Final-Security-Audit-Red4Sec-2019.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.