PyPi: Chia-Blockchain

CVE-2023-4863

Transitive

Safety vulnerability ID: 63732

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Sep 12, 2023 Updated at Dec 12, 2024

Advisory

Chia-blockchain 2.1.0 updates its NPM dependency 'Electron' to 26.2.1 to include a security fix.

Affected package

chia-blockchain

Latest version: 2.5.0

Chia blockchain full node, farmer, timelord, and wallet.

Affected versions

Fixed versions

Vulnerability changelog

Version 2.1.0 of the Chia reference client is now available for download! This release features farming and user experience improvements, including updates to GPU plotting support, Credential Restricted CATs, and upgraded support for offers, WalletConnect, and DataLayer features.

Note: Version 2.1.0 includes additional changes originally intended for the 2.0.0 hard fork and is a required update.

---

Added
- Credential Restricted CATs
- Add timelock information to Trades and Transactions
- Add ergonomic timelock parsing to RPCs
- Add valid_times to Offer object
- Add uncurried args to debug_spend_bundle
- Add force option for spend_clawback_coin
- Add Wallet CLI Unit tests
- Add ergonomic condition classes
- Add the option for arbitrary conditions to make_solution
- Add flags to CR-CAT offer summary
- Improve testnet connectivity
- Add `get_public_key` and `get_public_keys` daemon RPCs
- Add `extra_conditions` as an option to transaction endpoints
- DataLayer fingerprint control
- Delete Datalayer DAT files on unsubscribe
- add new Datalayer `plugins:` config allowing for custom headers
- Add support for multi node farmers (thanks felixbrucker)
- Add a full node RPC endpoint, `get_mempool_items_by_coin_name` (thanks kimsk)
- Add CLI NFT Pagination (thanks yyolk)
- Add traceback to front-end error responses
- Configure number of stored full files in Datalayer
- Bladebit Hybrid disk mode

Changed
- Remove CAT1 UX guards
- Dedup offer cancellation logic
- upgrade electron-builder to 24.6.3 and Lerna to 7.1.3
- Simplify get_max_send_amount for XCH and CATs
- Added wallet id showing when using the 'chia plotnft show' (thanks d1m1trus)
- Introduce TXConfig and CoinSelectionConfig
- Print JSON for all DL commands
- demote log level for TIMESTAMP_TOO_FAR_IN_FUTURE errors
- Prevent redundant peer calls in coin_added
- Timelord peak change
- full_node: Stop updating wallets during long sync
- Optimize CAT coin_added
- Optimize NFT coin_added
- flush only the updated parts of the height-to-hash cache file
- Rename USDS --> USDSC
- wallet: Drop `is_peer_synced` / More cache usage
- run_block_generator2()
- full_node: Move wallet updates into a separate task
- send --fix-ssl-permissions to stderr
- update chiabip158 to 1.3
- Update chiapos to 2.0.3
- Update install-gui.sh to check Node 18 and npm 9

Fixed
- Fixed python3-venv in install.sh (thanks d1m1trus)
- Change include_standard_libraries for CLVM compilation default to True
- add dust warning message to chia coins commands & cleanup code
- Fixed `chia rpc status` output
- Fix a typo in code style documentation (thanks UncertainBadg3r)
- Add condition opcodes for agg sigs to condition_codes.clib
- correct netspace calculation
- fixed issue with reuse_puzhash when minting NFTs (thanks YeungTing)
- Refactor Seeder & Crawler code + add tests
- fix testnet10 sync-from-scratch
- Fix timelord-install.sh for CentOS\RHEL (thanks LeroyINC)
- Don't raise on duplicate VC proof insertion
- Add self revocation path to VC wallet
- Support calling get_routes via wss
- Make sure reuse_puzhash works for nft1 offers
- Fix comment typo (thanks xchdata1)
- type mismatch for last_time_farmed (thanks dkackman)
- fix waiting for co-routines in plotters_util.py
- wallet: Fix and improve untrusted race caching
- Add `--verbose` option to `data create_data_store` and limit default output to the store id
- chiavdf==1.0.11 for setuptools fix
- more ws message type awareness in the daemon
- add fee for cat creation
- max_coin_amount should default to None in wallet send command
- Add extra_conditions to special offer making
- bump chia_rs to include bugfix for new AGG_SIG_* conditions in mempool mode
- Fix `chia farm summary` aborting early if no local full node present (fixes 16164) (thanks xchdata1)
- fix typo in PendingTxCache
- rename `chia data add_missing_files` `-f`/`--foldername` to `-d`/`--directory`
- Wallet workaround for python issue 97641 and update anyio for issue 589
- Fix issue with trade failures
- Fix glitch NFT wallet test

Removed
- Support for MacOS 10.14 and 10.15
- Support for Chia database schema version 1
- Support for minting CATs via RPC

GUI Changes
* Fixed typo "Missing signage point" -> "Missing signage points"
* Add ability for WalletConnect command implementations to invoke custom logic
* Color theme updates
* Fix bug with Auto Login when a keyring passphrase is set
* Add emojis to Address Book and other design updates
* Add custom scrollbars for consistency in the app
* Support for WalletConnect signMessageById/Address commands to sign hex-encoded messages
* Increased number of max event listeners for api services
* CR-CAT token support
* Fix selection bug in the AddressBookAutocomplete component
* Update Readme file (debugging and simulator sections)
* Support plot filter change for testnet10
* Fix crash when populating keys that lack an emoji/theme entry
* Design updates for WalletConnect multiple key selection
* Update key-specific prefs when removing a wallet
* CR-CAT offers functionality
* Update Node to 18.16.1 from 16.20.1
* Add getPublicKey WalletConnect command
* Add support for Bladebit hybrid diskmode
* Fixed effective plot size values
* Removed `-no-direct_downloads` option from bladebit
* Removed defunct createNewCATWallet WalletConnect command
* Move away from lerna to npm with workspaces
* Add a tooltip for USDSC (Stably USDS Classic) in the token listing
* Show both Launcher Id and Coin Id in VC card
* Add support for expiring offers
* Bump Electron to 26.2.1 for a security fix
* Fix an issue where expected average passed filter count was wrong
* Fix chia_data_layer_http service startup. Use `noWait` to skip waiting for ping responses that will never arrive
* Removed compression level 0 from the cuda plot option
* Fix an issue where status indicators always show `NOT RUNNING`
* Add rpm tag for libxcrypt-compat
* Design updates to the header buttons
* Cosmetic fixes for the Harvester settings screen
* Fix farm page crash
* Added a warning dialog that appears when selecting hybrid 128G mode
* Fix addVCProofs WalletConnect command

Severity Details

CVSS Base Score

HIGH 8.8

CVSS v3 Details

HIGH 8.8
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): HIGH
Availability Impact (A): HIGH