In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsUpgrade zebrad to version 4.5.0 or higher.
zebrad is a The Zcash Foundation's independent, consensus-compatible implementation of a Zcash node
Affected versions of this package are vulnerable to Uncaught Exception via the getblocktemplate process when parsing a user-supplied LongPollId parameter containing non-ASCII (multi-byte UTF-8) characters. An attacker can cause the node process to terminate unexpectedly by sending a specially crafted authenticated RPC request with a malformed LongPollId value. This is only exploitable if the RPC server is enabled and the attacker can authenticate to the RPC endpoint.
This vulnerability can be mitigated by disabling the RPC server, ensuring enable_cookie_auth = true and restricting access to the .cookie file, or placing a reverse proxy in front of the RPC port that validates LongPollId parameters are ASCII-only before forwarding.