CVE-2020-26279

Path Traversal in go/github.com/ipfs/go-ipfs

Identifier

CVE-2020-26279

Package Slug

go/github.com/ipfs/go-ipfs

Vulnerability

Path Traversal

Description

It is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG.

Affected Versions

All versions up to 0.7.0

Solution

Upgrade to version 0.8.0-rc1 or above. Note: 0.8.0-rc1 may be an unstable version. Use caution.

Last Modified

2021-03-30

source