PT-2020-12435 · Protocol · Go-Ipfs

Published

2020-11-02

Updated

2024-06-04

CVE-2020-10937

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions go-ipfs versions prior to 0.7

Description An issue allows an attacker to generate ephemeral identities and leverage the connection management reputation system to poison other nodes' routing tables, effectively eclipsing target nodes from the rest of the network.

Recommendations For go-ipfs versions prior to 0.7, update to version 0.7 or later to mitigate the issue.

Fix

Improper Access Control

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284

Related Identifiers

CVE-2020-10937

GHSA-R23H-3JMW-Q7HR

GO-2024-2779

Affected Products

Go-Ipfs

PT-2020-12435 · Protocol · Go-Ipfs

CVE-2020-10937

Weakness Enumeration

Related Identifiers

Affected Products

References · 7