CVE-2020-10937

Unintended Proxy or Intermediary in go/github.com/ipfs/go-ipfs

Identifier

CVE-2020-10937

Package Slug

go/github.com/ipfs/go-ipfs

Vulnerability

Unintended Proxy or Intermediary

Description

An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs, mitigate this.

Affected Versions

Version 0.4.23

Solution

Upgrade to version 0.5.0 or above.

Last Modified

2020-11-16

source