go-ipfs

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Unknown
Version	Removed

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1735	0.7.0-1	0.8.0-1	Medium	Fixed	FS#70152

Issue	Group	Severity	Remote	Type	Description
CVE-2020-26283	AVG-1735	Low	Yes	Content spoofing	In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in...
CVE-2020-26279	AVG-1735	Medium	Yes	Directory traversal	In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files...

Issue

Group

Severity

Remote

Type

Description

CVE-2020-26283

AVG-1735

Low

Yes

Content spoofing

In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in...

CVE-2020-26279

AVG-1735

Medium

Yes

Directory traversal

In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files...