CVE-2020-11944
N/A
N/A
Summary
Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in call in abe.py because the PATH_INFO environment variable is mishandled during a PageNotFound exception.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/bitcoin-abe/bitcoin-abe/blob/d33f6e85de74e708e11cabe4ed0246e12025c726/Abe/abe.py#L253-L254
- https://geeknik-labs.com
- https://github.com/bitcoin-abe/bitcoin-abe/issues/292
References
- https://github.com/bitcoin-abe/bitcoin-abe/blob/d33f6e85de74e708e11cabe4ed0246e12025c726/Abe/abe.py#L253-L254
- https://geeknik-labs.com
- https://github.com/bitcoin-abe/bitcoin-abe/issues/292
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.