go-ipfs

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description A peer-to-peer hypermedia distribution protocol
Version 0.9.1-1 [community]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1735 0.7.0-1 0.8.0-1 Medium Fixed FS#70152
Issue Group Severity Remote Type Description
CVE-2020-26283 AVG-1735 Low Yes Content spoofing
In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in...
CVE-2020-26279 AVG-1735 Medium Yes Directory traversal
In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files...