PyPi: Lnbits

CVE-2024-34694

Safety vulnerability ID: 71892

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 14, 2024 Updated at Sep 24, 2024

Scan your Python projects for vulnerabilities →

Advisory

LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend.

Affected package

lnbits

Latest version: 0.12.11

LNbits, free and open-source Lightning wallet and accounts system.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-3j4h-h3fp-vwww
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34694

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application