Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-3193
3.1 LOW
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): High (H)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): Required (R)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): Low (L)
  • Availability (A): None (N)
  • Exploit Code Maturity (E): Proof-of-Concept (P)
  • Remediation Level (RL): Not Defined (X)
  • Report Confidence (RC): Reasonable (R)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): High (H)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): Low (L)
  • Modified Availability (MA): None (N)
updated 2 months, 2 weeks ago by @mweinelt Activity log
  • Created suggestion 3 months ago
  • @mweinelt ignored
    15 packages
    • python312Packages.blockchain
    • python312Packages.python-blockchain-api
    • python313Packages.python-blockchain-api
    • python314Packages.python-blockchain-api
    • haskellPackages.amazonka-managedblockchain
    • python312Packages.mypy-boto3-managedblockchain
    • python313Packages.mypy-boto3-managedblockchain
    • python314Packages.mypy-boto3-managedblockchain
    • python312Packages.mypy-boto3-managedblockchain-query
    • python313Packages.mypy-boto3-managedblockchain-query
    • python314Packages.mypy-boto3-managedblockchain-query
    • python312Packages.types-aiobotocore-managedblockchain
    • python313Packages.types-aiobotocore-managedblockchain
    • python312Packages.types-aiobotocore-managedblockchain-query
    • python313Packages.types-aiobotocore-managedblockchain-query
    2 months, 2 weeks ago
  • @mweinelt dismissed 2 months, 2 weeks ago
Chia Blockchain send_transaction cross-site request forgery

A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file /send_transaction. The manipulation results in cross-site request forgery. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit is now public and may be used. The vendor was informed early via email. A separate report via bugbounty was rejected with the reason "This is by design. The user is responsible for host security".

Affected products

Blockchain
  • ==2.1.0
Ignored packages (15) 
Not in nixpkgs