PyPi: Lnbits

CVE-2023-52323

Transitive

Safety vulnerability ID: 71115

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 05, 2024 Updated at Oct 18, 2024

Advisory

Lnbits version 0.12.5 addresses a security issue in the `pycryptodomex` library, a dependency of the package. The release updates `pycryptodomex` from version 3.19.0 to 3.19.1, which resolves the vulnerability identified as CVE-2023-52323.

Affected package

lnbits

Latest version: 0.12.12

LNbits, free and open-source Lightning wallet and accounts system.

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* feat: add `check_invalid_payments` command by motorina0 in https://github.com/lnbits/lnbits/pull/2353
* feat: add commands `delete-walle`, `delete-wallet-payment` and `verbose` option, by motorina0 in https://github.com/lnbits/lnbits/pull/2354
* feat: add `mark-payment-pending` command by motorina0 in https://github.com/lnbits/lnbits/pull/2355
* feat: remove `--auto-fix` option from `check-payments` by motorina0 in https://github.com/lnbits/lnbits/pull/2359
* feat: extra log by motorina0 in https://github.com/lnbits/lnbits/pull/2360
* hotfix: initial currency conversion on balance by dni in https://github.com/lnbits/lnbits/pull/2346
* bug: When "expiry" is null, do not display "expiry" in payment details by dethos in https://github.com/lnbits/lnbits/pull/2349
* feat: complete use of `LNBITS_EXTENSIONS_DEACTIVATE_ALL` by dni in https://github.com/lnbits/lnbits/pull/2341
* chore: update to node 20.x on workflows by dni in https://github.com/lnbits/lnbits/pull/2364
* bug: releasing docker image had invalid credentials by dni in https://github.com/lnbits/lnbits/pull/2365
* ci: run jmeter only if linting passes to save resources by dni in https://github.com/lnbits/lnbits/pull/2366
* bug: show extensions in frontend had wrong boolean by dni in https://github.com/lnbits/lnbits/pull/2370
* bug: frontend some v-text missing by talvasconcelos in https://github.com/lnbits/lnbits/pull/2372
* feat: improve on api structure, add openapi tags by dni in https://github.com/lnbits/lnbits/pull/2295
* simplify description in i18n by prusnak in https://github.com/lnbits/lnbits/pull/2356
* [test] add jmeter tests to install and enable all vetted extensions by motorina0 in https://github.com/lnbits/lnbits/pull/2371
* test: run jmeter test from `lnbits-extensions` repo by dni in https://github.com/lnbits/lnbits/pull/2374
* test: remove warnings for `TemplateResponse` by dni in https://github.com/lnbits/lnbits/pull/2368
* docs: improves readme by arcbtc in https://github.com/lnbits/lnbits/pull/2367
* chore: typo in function name `nofiy_upgrade` by dni in https://github.com/lnbits/lnbits/pull/2383
* chore: fix some typos for docs by redistay in https://github.com/lnbits/lnbits/pull/2384
* chore: adhere to ruff's `A` by dni in https://github.com/lnbits/lnbits/pull/2380
* chore: update black, security warning by dni in https://github.com/lnbits/lnbits/pull/2387
* chore: fix `pycryptodomex` security issue by dni in https://github.com/lnbits/lnbits/pull/2388
* chore: adhere to ruff's `C` by dni in https://github.com/lnbits/lnbits/pull/2379
* docs: improve installation for none ubuntu by dni in https://github.com/lnbits/lnbits/pull/2386
* fix: remove trailing slash from admin.js by dni in https://github.com/lnbits/lnbits/pull/2391
* refactor: use new fastapi lifespan instead of startup/shutdown events by dni in https://github.com/lnbits/lnbits/pull/2294
* test: make nice pytest reports on github by dni in https://github.com/lnbits/lnbits/pull/2376
* feat: active state for manage menu items by dni in https://github.com/lnbits/lnbits/pull/2392
* doc: add hint to configure reverse proxy in `.env.template` by dni in https://github.com/lnbits/lnbits/pull/2393
* test: add unit tests for wallets (funding sources) by motorina0 in https://github.com/lnbits/lnbits/pull/2363
* test: add tests for alby by motorina0 in https://github.com/lnbits/lnbits/pull/2390
* fix: improve on check_fundingsource retries by dni in https://github.com/lnbits/lnbits/pull/2400
* chore: update lnbits to 0.12.5 by dni in https://github.com/lnbits/lnbits/pull/2401

New Contributors
* redistay made their first contribution in https://github.com/lnbits/lnbits/pull/2384

**Full Changelog**: https://github.com/lnbits/lnbits/compare/0.12.4...0.12.5


Severity Details

CVSS Base Score

MEDIUM 5.9

CVSS v3 Details

MEDIUM 5.9
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): HIGH
Integrity Impact (I): NONE
Availability Impact (A): NONE