CVE-2020-26283

High

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version…

GitHub_M·CWE-116·Published 2021-03-24

CVSS

8.8

EPSS

0.01

KEV

Exploits

cve.orgen

345 chars

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0.

NVDen

345 chars

GHSAen

545 chars

### Impact Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. ### Patches  - Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0 ### For more information If you have any questions or comments about this advisory: * Open an issue in [go-ipfs](http://github.com/ipfs/go-ipfs) * Email us at [security@ipfs.io](mailto:security@ipfs.io)

NVDes

422 chars

go-ipfs es una implementación golang de código abierto de IPFS, que es un sistema de archivos global, versionado, peer-to-peer. En go-ipfs versiones anteriores a 0.8.0, los caracteres de control no se escapan de la salida de la consola. Esto puede resultar en ocultar la entrada del usuario, lo que podría resultar en que el usuario tome una acción maliciosa desconocida. Esto se corrige en la versión 0.8.0

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	6.5	8.0	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
3.1	Primary	NVD	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
3.1	Primary	cve.org	6.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
3.1	Secondary	GHSA	6.8	—	—	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N
3.1	Secondary	NVD	6.8	2.3	4.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N