CVE-2020-26283

Improper Encoding or Escaping of Output in go/github.com/ipfs/go-ipfs

Identifier

CVE-2020-26283

Package Slug

go/github.com/ipfs/go-ipfs

Vulnerability

Improper Encoding or Escaping of Output

Description

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.

Affected Versions

All versions before 0.8.0

Solution

Upgrade to version 0.8.0 or above.

Last Modified

2021-03-30

source