Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/cashu@0.15.2
Typepypi
Namespace
Namecashu
Version0.15.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version0.18.0
Latest_non_vulnerable_version0.18.0
Affected_by_vulnerabilities
0
url VCID-4upk-49tv-kqfe
vulnerability_id VCID-4upk-49tv-kqfe
summary NUT-14 allows cashu tokens to be created with a preimage hash. However, nutshell (cashubtc/nuts) before 0.18.0 do not validate the size of preimage when the token is spent. The preimage is stored by the mint and attacker can exploit this vulnerability to fill the mint's db nd disk with arbitrary data.
references
0
reference_url https://bitcointalk.org/index.php?topic=5564329
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://bitcointalk.org/index.php?topic=5564329
1
reference_url https://delvingbitcoin.org/t/public-disclosure-denial-of-service-using-htlc-in-cashu/2090
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://delvingbitcoin.org/t/public-disclosure-denial-of-service-using-htlc-in-cashu/2090
2
reference_url https://github.com/cashubtc/nuts/blob/main/07.md
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://github.com/cashubtc/nuts/blob/main/07.md
3
reference_url https://github.com/cashubtc/nuts/blob/main/14.md
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://github.com/cashubtc/nuts/blob/main/14.md
4
reference_url https://github.com/jamesob/delving-bitcoin-archive/blob/master/archive/rendered-topics/2025-11-November/2025-11-02-public-disclosure-denial-of-service-using-htlc-in-cashu-id2090.md
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://github.com/jamesob/delving-bitcoin-archive/blob/master/archive/rendered-topics/2025-11-November/2025-11-02-public-disclosure-denial-of-service-using-htlc-in-cashu-id2090.md
5
reference_url https://preimage007.github.io/
reference_id
reference_type
scores
0
value 9.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://preimage007.github.io/
fixed_packages
0
url pkg:pypi/cashu@0.18.0
purl pkg:pypi/cashu@0.18.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cashu@0.18.0
aliases CVE-2025-65548, PYSEC-2025-89
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4upk-49tv-kqfe
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/cashu@0.15.2