Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmY3ItOWg5Zy0yM2Zx
Denial of Service in ipfs-bitswap
Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package put unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions.
Recommendation
Upgrade to version 0.24.1 or later.
Permalink: https://github.com/advisories/GHSA-6fcr-9h9g-23fqJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmY3ItOWg5Zy0yM2Zx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 3 years ago
Updated: 9 months ago
CVSS Score: 5.9
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/
Identifiers: GHSA-6fcr-9h9g-23fq
References:
- https://github.com/ipfs/js-ipfs-bitswap/pull/194
- https://snyk.io/vuln/SNYK-JS-IPFSBITSWAP-174847
- https://www.npmjs.com/advisories/916
- https://github.com/advisories/GHSA-6fcr-9h9g-23fq
Affected Packages
npm:ipfs-bitswap
Versions: < 0.24.1Fixed in: 0.24.1