
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0Z3Ytdmo1OS1jY2Nt

Severity: Moderate
EPSS: 0.00858% (0.73714 Percentile)

Control character injection in console output in github.com/ipfs/go-ipfs

Affected Packages: go:github.com/ipfs/go-ipfs
PURL: pkg:go/github.com%2Fipfs%2Fgo-ipfs
Affected Versions: < 0.8.0
Fixed Versions: 0.8.0
Dependent packages: 368
Dependent repositories: 475

Affected Version Ranges

All affected versions

v0.2.2, v0.2.2-buildfails, v0.2.3, v0.2.3-buildfails, v0.3.2, v0.3.3, v0.3.3-buildfails, v0.3.4, v0.3.5, v0.3.6, v0.3.7, v0.3.8, v0.3.8-dev-trailers, v0.3.9, v0.3.10, v0.3.11, v0.3.11-rc1, v0.4.0, v0.4.0-rc1, v0.4.0-rc2, v0.4.0-rc3, v0.4.1, v0.4.1-rc1, v0.4.2, v0.4.3, v0.4.3-dev, v0.4.3-rc1, v0.4.3-rc2, v0.4.3-rc3, v0.4.3-rc4, v0.4.4, v0.4.5, v0.4.5-pre1, v0.4.5-pre2, v0.4.5-rc1, v0.4.5-rc2, v0.4.5-rc3, v0.4.5-rc4, v0.4.6, v0.4.6-rc1, v0.4.7, v0.4.7-rc1, v0.4.8, v0.4.8-rc1, v0.4.9, v0.4.9-rc1, v0.4.9-rc2, v0.4.10, v0.4.10-rc1, v0.4.11, v0.4.11-pre, v0.4.11-rc1, v0.4.11-rc2, v0.4.12, v0.4.12-rc1, v0.4.12-rc2, v0.4.13, v0.4.13-rc1, v0.4.14, v0.4.14-rc1, v0.4.14-rc2, v0.4.14-rc3, v0.4.15, v0.4.15-rc1, v0.4.16, v0.4.16-rc1, v0.4.16-rc2, v0.4.16-rc3, v0.4.17, v0.4.17-rc1, v0.4.18, v0.4.18-rc1, v0.4.18-rc2, v0.4.19, v0.4.19-rc1, v0.4.19-rc2, v0.4.20, v0.4.20-rc1, v0.4.20-rc2, v0.4.21, v0.4.21-rc1, v0.4.21-rc2, v0.4.21-rc3, v0.4.22, v0.4.22-rc1, v0.4.23, v0.4.23-rc1, v0.4.23-rc2, v0.5.0, v0.5.0-dev-8to9pre1, v0.5.0-dev-8to9pre2, v0.5.0-rc1, v0.5.0-rc2, v0.5.0-rc3, v0.5.0-rc4, v0.5.1, v0.6.0, v0.6.0-rc1, v0.6.0-rc2, v0.6.0-rc3, v0.6.0-rc4, v0.6.0-rc5, v0.6.0-rc6, v0.6.0-rc7, v0.7.0, v0.7.0-rc1, v0.7.0-rc2

All unaffected versions

v0.8.0, v0.9.0, v0.9.1, v0.10.0, v0.11.0, v0.11.1, v0.12.0, v0.12.1, v0.12.2, v0.13.0, v0.13.1, v0.14.0, v0.15.0, v0.16.0, v0.17.0, v0.18.0, v0.18.1, v0.19.0, v0.19.1, v0.19.2, v0.20.0, v0.21.0, v0.21.1, v0.22.0, v0.23.0, v0.24.0, v0.25.0, v0.26.0, v0.27.0, v0.28.0, v0.29.0, v0.30.0, v0.31.0, v0.32.0, v0.32.1, v0.33.0, v0.33.1, v0.33.2, v0.34.0, v0.34.1, v0.35.0, v0.36.0, v0.37.0, v0.38.0, v0.38.1, v0.38.2

Impact

Control characters are not escaped in console output. This can hide input from the user, which could result in the user taking an unknown, malicious action.
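The class of fix this impact calls for, as an added example (not go-ipfs's own patch or code): escape control and format characters in untrusted values before writing them to a terminal. The function name `escapeControl` and the sample value are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// escapeControl makes every control or format character in s visible before
// it reaches a terminal, so untrusted text cannot move the cursor, erase
// earlier output or reorder what the user sees. Values are treated as
// single-line fields, so CR and LF are escaped too.
func escapeControl(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); {
		r, size := utf8.DecodeRuneInString(s[i:])
		switch {
		case r == utf8.RuneError && size == 1:
			// Invalid UTF-8 byte: show it as hex instead of passing it through.
			fmt.Fprintf(&b, `\x%02x`, s[i])
		case r == '\\':
			// Escape the escape character so the output stays unambiguous.
			b.WriteString(`\\`)
		case unicode.IsControl(r) || unicode.Is(unicode.Cf, r):
			// C0 controls (ESC, CR, BS, ...), DEL, C1 controls, and format
			// characters such as bidirectional overrides.
			fmt.Fprintf(&b, `\u%04x`, r)
		default:
			b.WriteRune(r)
		}
		i += size
	}
	return b.String()
}

func main() {
	// Constructed sample: a field value carrying CR and an ANSI escape sequence.
	untrusted := "report.txt\r\x1b[2Ksafe.txt"
	fmt.Println("name:", escapeControl(untrusted))
}
```

Printable non-ASCII text passes through unchanged, so only characters that alter terminal state or display order are rewritten.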

Patches

For more information

If you have any questions or comments about this advisory:

References: