Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-26283 - log back

CVE-2020-26283 edited at 24 Mar 2021 23:13:57

Severity

-	Unknown
+	Low

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Content spoofing

Description

+	In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0.

References

+	https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm
+	https://github.com/ipfs/go-ipfs/pull/7831
+	https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a

Notes

CVE-2020-26283 created at 24 Mar 2021 23:09:43