{"id":"CVE-2019-13000","details":"Eclair through 0.3 allows attackers to trigger loss of funds because of Incorrect Access Control. NOTE: README.md states \"it is beta-quality software and don't put too much money in it.\"","modified":"2026-04-10T04:12:42.267555Z","published":"2020-01-31T20:15:10.930Z","references":[{"type":"ADVISORY","url":"https://github.com/ACINQ/eclair/releases"},{"type":"FIX","url":"https://github.com/ACINQ/eclair/commits/master"},{"type":"EVIDENCE","url":"https://lists.linuxfoundation.org/pipermail/lightning-dev/2019-September/002174.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/acinq/eclair","events":[{"introduced":"0"},{"last_affected":"a5debcd913d01a513309169de7a2ae7f76b132a7"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"0.3"}]}}],"versions":["v0.1-alpha.1","v0.2-alpha1","v0.2-alpha10","v0.2-alpha11","v0.2-alpha2","v0.2-alpha3","v0.2-alpha4","v0.2-alpha5","v0.2-alpha6","v0.2-alpha7","v0.2-alpha8","v0.2-alpha9","v0.2-beta1","v0.2-beta2","v0.2-beta3","v0.2-beta4","v0.2-beta5","v0.2-beta6","v0.2-beta7","v0.2-beta8","v0.2-beta9","v0.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-13000.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}