CVE-2020-26283: Improper Encoding or Escaping of Output

March 24, 2021 (updated March 27, 2021)

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.

References

nvd.nist.gov/vuln/detail/CVE-2020-26283

Detect and mitigate CVE-2020-26283 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →