Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed

Permalink CVE-2026-3193

3.1 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 weeks ago by @mweinelt Activity log

Created automatic suggestion 3 weeks, 2 days ago
@mweinelt removed
15 packages
- python312Packages.blockchain
- python312Packages.python-blockchain-api
- python313Packages.python-blockchain-api
- python314Packages.python-blockchain-api
- haskellPackages.amazonka-managedblockchain
- python312Packages.mypy-boto3-managedblockchain
- python313Packages.mypy-boto3-managedblockchain
- python314Packages.mypy-boto3-managedblockchain
- python312Packages.mypy-boto3-managedblockchain-query
- python313Packages.mypy-boto3-managedblockchain-query
- python314Packages.mypy-boto3-managedblockchain-query
- python312Packages.types-aiobotocore-managedblockchain
- python313Packages.types-aiobotocore-managedblockchain
- python312Packages.types-aiobotocore-managedblockchain-query
- python313Packages.types-aiobotocore-managedblockchain-query
2 weeks ago
@mweinelt dismissed 2 weeks ago

Chia Blockchain send_transaction cross-site request forgery

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

References

VDB-347749 | Chia Blockchain send_transaction cross-site request forgery vdb-entry
VDB-347749 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
https://github.com/Danimlzg/chia-rpc-auth-bypass.git exploit broken-link

Affected products

Blockchain

==2.1.0

Ignored packages (15)

pkgs.python312Packages.blockchain

Python client Blockchain Bitcoin Developer API

nixos-25.11 1.4.4
- nixos-25.11-small 1.4.4
- nixpkgs-25.11-darwin 1.4.4

pkgs.python312Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python313Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2
nixos-25.11 0.0.2
- nixos-25.11-small 0.0.2
- nixpkgs-25.11-darwin 0.0.2

pkgs.python314Packages.python-blockchain-api

Python API for interacting with blockchain.info

nixos-unstable 0.0.2
- nixpkgs-unstable 0.0.2
- nixos-unstable-small 0.0.2

pkgs.haskellPackages.amazonka-managedblockchain

Amazon Managed Blockchain SDK

nixos-unstable 2.0-unstable-2025-04-16
- nixpkgs-unstable 2.0-unstable-2025-04-16
- nixos-unstable-small 2.0-unstable-2025-04-16
nixos-25.11 2.0-unstable-2025-04-16
- nixos-25.11-small 2.0-unstable-2025-04-16
- nixpkgs-25.11-darwin 2.0-unstable-2025-04-16

pkgs.python312Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3
nixos-25.11 boto3-managedblockchain-1.41.0
- nixos-25.11-small boto3-managedblockchain-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain

Type annotations for boto3 managedblockchain

nixos-unstable boto3-managedblockchain-1.42.3
- nixpkgs-unstable boto3-managedblockchain-1.42.3
- nixos-unstable-small boto3-managedblockchain-1.42.3

pkgs.python312Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python313Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3
nixos-25.11 boto3-managedblockchain-query-1.41.0
- nixos-25.11-small boto3-managedblockchain-query-1.41.0
- nixpkgs-25.11-darwin boto3-managedblockchain-query-1.41.0

pkgs.python314Packages.mypy-boto3-managedblockchain-query

Type annotations for boto3 managedblockchain-query

nixos-unstable boto3-managedblockchain-query-1.42.3
- nixpkgs-unstable boto3-managedblockchain-query-1.42.3
- nixos-unstable-small boto3-managedblockchain-query-1.42.3

pkgs.python312Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain

Type annotations for aiobotocore managedblockchain

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python312Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

pkgs.python313Packages.types-aiobotocore-managedblockchain-query

Type annotations for aiobotocore managedblockchain-query

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 2.25.2
- nixos-25.11-small 2.25.2
- nixpkgs-25.11-darwin 2.25.2

Not in nixpkgs