AVG-1735 log

Package	go-ipfs
Status	Fixed
Severity	Medium
Type	multiple issues
Affected	0.7.0-1
Fixed	0.8.0-1
Current	Removed
Ticket	FS#70152
Created	Wed Mar 24 23:09:43 2021

Issue	Severity	Remote	Type	Description
CVE-2020-26283	Low	Yes	Content spoofing	In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in...
CVE-2020-26279	Medium	Yes	Directory traversal	In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files...

Issue

Severity

Remote

Type

Description

CVE-2020-26283

Low

Yes

Content spoofing

In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in...

CVE-2020-26279

Medium

Yes

Directory traversal

In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files...