CVE-2023-50475
Description
An issue discovered in bcoin-org bcoin version 2.2.0 allows remote attackers to obtain sensitive information via weak hashing algorithms in the component \vendor\faye-websocket.js.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CVE-2023-50475: bcoin 2.2.0 uses weak hashing algorithms in faye-websocket.js, enabling remote attackers to obtain sensitive information.
Vulnerability Overview
CVE-2023-50475 affects bcoin-org bcoin version 2.2.0, a JavaScript Bitcoin library. The issue resides in the component vendor/faye-websocket.js, which relies on weak hashing algorithms. This weakness allows remote attackers to obtain sensitive information [1].
Attack Vector
An attacker can exploit this vulnerability remotely without authentication, leveraging the weak hashing algorithms used in the WebSocket implementation. The precise attack vector is not detailed further in available advisories, but the remote nature indicates network-based exploitation is possible [1].
Impact
Successful exploitation leads to the disclosure of sensitive information. The exact nature of the disclosed data is not specified, but it could include cryptographic material or other secrets handled by the WebSocket component [1].
Mitigation
As of the publication date, no patch or workaround has been announced. Users of bcoin 2.2.0 should monitor the project's GitHub repository for updates and consider upgrading to a patched version when available [2][4].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| bsock (npm) | <= 0.1.11 | — |
Affected products
- bcoin-org/bcoin
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-jj93-39pf-7mcf (GHSA, advisory)
- nvd.nist.gov/vuln/detail/CVE-2023-50475 (GHSA, advisory)
- github.com/bcoin-org/bcoin/blob/master/node_modules/bsock/package.json (GHSA, web)
- github.com/bcoin-org/bcoin/issues/1174 (GHSA, web)
- github.com/bcoin-org/bsock/blob/master/package.json (GHSA, web)
- github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-50475.md (GHSA, web)