Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0Z3Ytdmo1OS1jY2Nt
Control character injection in console output in github.com/ipfs/go-ipfs
Impact
Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.
Patches
- Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0
For more information
If you have any questions or comments about this advisory:
- Open an issue in go-ipfs
- Email us at [email protected]
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0Z3Ytdmo1OS1jY2Nt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 6.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
Identifiers: GHSA-r4gv-vj59-cccm, CVE-2020-26283
References:
- https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm
- https://nvd.nist.gov/vuln/detail/CVE-2020-26283
- https://github.com/ipfs/go-ipfs/pull/7831
- https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a
- https://github.com/advisories/GHSA-r4gv-vj59-cccm
Blast Radius: 18.2
Affected Packages
go:github.com/ipfs/go-ipfs
Dependent packages: 368Dependent repositories: 475
Downloads:
Affected Version Ranges: < 0.8.0
Fixed in: 0.8.0
All affected versions: 0.2.2, 0.2.3, 0.3.2, 0.3.3, 0.3.4, 0.3.5, 0.3.6, 0.3.7, 0.3.8, 0.3.9, 0.3.10, 0.3.11, 0.4.0, 0.4.1, 0.4.2, 0.4.3, 0.4.4, 0.4.5, 0.4.6, 0.4.7, 0.4.8, 0.4.9, 0.4.10, 0.4.11, 0.4.12, 0.4.13, 0.4.14, 0.4.15, 0.4.16, 0.4.17, 0.4.18, 0.4.19, 0.4.20, 0.4.21, 0.4.22, 0.4.23, 0.5.0, 0.5.1, 0.6.0, 0.7.0
All unaffected versions: 0.8.0, 0.9.0, 0.9.1, 0.10.0, 0.11.0, 0.11.1, 0.12.0, 0.12.1, 0.12.2, 0.13.0, 0.13.1, 0.14.0, 0.15.0, 0.16.0, 0.17.0, 0.18.0, 0.18.1, 0.19.0, 0.19.1, 0.19.2, 0.20.0, 0.21.0, 0.21.1, 0.22.0, 0.23.0, 0.24.0, 0.25.0, 0.26.0, 0.27.0, 0.28.0