PT-2018-4741 · Ipfs · Go-Ipfs-Deps

Scott113341

Published

2018-05-31

Updated

2019-10-09

CVE-2016-10563

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions go-ipfs-deps versions prior to 0.4.4

Description The issue allows for a MITM attack to compromise the integrity of the resources used by the go-ipfs-deps module, potentially leading to further compromise. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. The impact ranges from being able to read sensitive information to remote code execution.

Recommendations Update to version 0.4.4 or later.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-310CWE-311

Related Identifiers

CVE-2016-10563

GHSA-G3XP-V2FF-X5C3

Affected Products

Go-Ipfs-Deps

PT-2018-4741 · Ipfs · Go-Ipfs-Deps

CVE-2016-10563

Weakness Enumeration

Related Identifiers

Affected Products

References · 7