CVE-2019-16752

MEDIUM

Dash Core < 0.14.0.3 - Cross-Site Request Forgery

Title source: llm
STIX 2.1

Description

An issue was discovered in Decentralized Anonymous Payment System (DAPS) through 2019-08-26. It is possible to force wallets to send HTTP requests to arbitrary locations, both on the local network and on the internet. This is a serious threat to user privacy, since it can possibly leak their IP address and the fact that they are using the product. This also affects Dash Core through 0.14.0.3 and Private Instant Verified Transactions (PIVX) through 3.4.0.

References (1)

Core 1

Scores

CVSS v3 4.3
EPSS 0.0041
EPSS Percentile 32.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Details

CWE
CWE-352
Status published
Products (3)
dash/dash_core < 0.14.0.3
officialdapscoin/decentralized_anonymous_payment_system < 2019-08-26
pivx/private_instant_verified_transactions < 3.4.0
Published Dec 04, 2019
Tracked Since Feb 18, 2026