Vulnerability Description
go-ipfs is an open-source Go implementation of IPFS, a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped in console output. This can hide input from the user, which could lead the user to take an unknown, malicious action. This is fixed in version 0.8.0.
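The kind of output escaping the description refers to, as an added example (not the go-ipfs patch or project code): every non-printable rune in an untrusted string is replaced by a visible escape before it reaches the terminal. `EscapeControl` and the sample names are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"unicode"
	"unicode/utf8"
)

// EscapeControl (hypothetical helper) returns s with every non-printable rune
// replaced by a visible escape, so untrusted names cannot drive the terminal.
func EscapeControl(s string) string {
	var b strings.Builder
	for i := 0; i < len(s); {
		r, size := utf8.DecodeRuneInString(s[i:])
		switch {
		case r == utf8.RuneError && size == 1:
			// Invalid UTF-8 byte: show it as hex instead of passing it through.
			fmt.Fprintf(&b, `\x%02x`, s[i])
		case r == '\\':
			// Escape the backslash itself so the output stays unambiguous.
			b.WriteString(`\\`)
		case unicode.IsPrint(r):
			// Printable Unicode (including non-ASCII text) is kept as-is.
			b.WriteRune(r)
		case r < 0x80:
			// ASCII control characters: ESC, CR, BS, NUL, DEL, ...
			fmt.Fprintf(&b, `\x%02x`, r)
		case r <= 0xFFFF:
			// Non-printable Unicode such as bidi overrides (U+202E).
			fmt.Fprintf(&b, `\u%04x`, r)
		default:
			fmt.Fprintf(&b, `\U%08x`, r)
		}
		i += size
	}
	return b.String()
}

func main() {
	// Constructed sample names, as they might arrive from a remote peer.
	names := []string{"report.pdf", "safe.txt\x1b[2K\rother", "x\u202ey", "日本語.txt"}
	for _, n := range names {
		fmt.Println(EscapeControl(n))
	}
}
```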
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Protocol | Go-Ipfs | < 0.8.0 |
Related Weaknesses (CWE)
References
- https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a (Patch, Third Party Advisory)
- https://github.com/ipfs/go-ipfs/pull/7831 (Patch, Third Party Advisory)
- https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm (Third Party Advisory)
FAQ
What is CVE-2020-26283?
CVE-2020-26283 is a vulnerability with a CVSS score of 6.8 (MEDIUM). go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. ...
How severe is CVE-2020-26283?
CVE-2020-26283 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-26283?
Check the references section above for vendor advisories and patch information. Affected products include: Protocol Go-Ipfs.