PyPi: Chia-Blockchain

CVE-2023-2133

Transitive

Safety vulnerability ID: 64104

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 19, 2023 Updated at Dec 12, 2024

Advisory

Chia-blockchain 1.8.1rc4 updates its NPM dependency 'Electron' to 22.3.7 to include security fixes.

Affected package

chia-blockchain

Latest version: 2.5.0

Chia blockchain full node, farmer, timelord, and wallet.

Affected versions

Fixed versions

Vulnerability changelog

<details>
<!-- Release notes generated using configuration in .github/release.yml at release/1.8.1 -->

<summary>

What's Changed

</summary>

Changed
* Softfork2 testing by arvidn in https://github.com/Chia-Network/chia-blockchain/pull/15204
* Move to Discord in docs and install scripts (15193) by wallentx in https://github.com/Chia-Network/chia-blockchain/pull/15210
* hardcode `num` param when listing NFTs from CLI by paninaro in https://github.com/Chia-Network/chia-blockchain/pull/15293
* optimize compact proofs by arvidn in https://github.com/Chia-Network/chia-blockchain/pull/15304

Fixed
* wallet: Avoid dict changes while iterating in `handle_nft` by xdustinface in https://github.com/Chia-Network/chia-blockchain/pull/15216
* don't add transactions to the mempool before it has a valid peak by arvidn in https://github.com/Chia-Network/chia-blockchain/pull/15264

GUI Changes
* Keybase links and menu items have been replaced with Discord links by paninaro in https://github.com/Chia-Network/chia-blockchain-gui/pull/1742
* NFT loading and performance fixes to incorrect images and sluggish UI by seeden in https://github.com/Chia-Network/chia-blockchain-gui/pull/1730
* Fixed a bug that prevented users from joining a pool by paninaro in https://github.com/Chia-Network/chia-blockchain-gui/pull/1753
* Fixed a DID creation failure caused by improper comparison between string and number by paninaro in https://github.com/Chia-Network/chia-blockchain-gui/pull/1754
* Removed a hardcoded NFT page size limit (if not specified) by paninaro in https://github.com/Chia-Network/chia-blockchain-gui/pull/1757
* Allow WalletConnect pairings that include unsupported commands by seeden in https://github.com/Chia-Network/chia-blockchain-gui/pull/1765
* Fix plotting with madmax when tmpdir2 wasn't explicitly set by paninaro in https://github.com/Chia-Network/chia-blockchain-gui/pull/1766
* Added the WalletConnect command getNFTWalletsWithDIDs to support fetching a list of DIDs owned by the user by paninaro in https://github.com/Chia-Network/chia-blockchain-gui/pull/1770
* Update Electron 22.3.5 to 22.3.7 to address security advisories by paninaro in https://github.com/Chia-Network/chia-blockchain-gui/pull/1773

**Full Changelog**: https://github.com/Chia-Network/chia-blockchain/compare/1.8.0...1.8.1-rc4

</details>

Resources


Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8

Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH