AVG-1735 log
Package | go-ipfs |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 0.7.0-1 |
Fixed | 0.8.0-1 |
Current | Removed |
Ticket | FS#70152 |
Created | Wed Mar 24 23:09:43 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-26283 | Low | Yes | Content spoofing | In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in... |
CVE-2020-26279 | Medium | Yes | Directory traversal | In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files... |