GHSA-78hj-86cr-6j2v

Source

https://github.com/advisories/GHSA-78hj-86cr-6j2v

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-78hj-86cr-6j2v/GHSA-78hj-86cr-6j2v.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-78hj-86cr-6j2v

Aliases

CVE-2019-12999
GO-2022-0807

Published

2021-05-18T15:30:22Z

Modified

2024-08-21T15:58:42.125176Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

Improper Access Control in Lightning Network Daemon

Details

Lightning Network Daemon (lnd) before 0.7 allows attackers to trigger loss of funds because of Incorrect Access Control.

Database specific

{
    "nvd_published_at": null,
    "github_reviewed_at": "2021-05-17T21:56:38Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-284"
    ]
}

References

Affected packages

Go / github.com/lightningnetwork/lnd

Package

Name: github.com/lightningnetwork/lnd; View open source insights on deps.dev
Purl: pkg:golang/github.com/lightningnetwork/lnd

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.7.1-beta

Database specific

{
    "last_known_affected_version_range": "<= 0.7.0"
}