GitHub Advisory DatabaseGHSA-R4GV-VJ59-CCCMControl character injection in console output in github.com/ipfs/go-ipfs
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.7%
Impact
Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.
Patches
- Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0
For more information
If you have any questions or comments about this advisory:
- Open an issue in go-ipfs
- Email us at [email protected]
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| ipfs | go-ipfs-dep | * | cpe:2.3:a:ipfs:go-ipfs-dep:*:*:*:*:*:node.js:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
55.7%