PT-2021-11230 · Go-Ipfs · Go-Ipfs
Tintinweb · Published 2021-03-24 · Updated 2024-08-21 · CVE-2020-26279
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions:
go-ipfs versions prior to 0.8.0-rc1
Description:
go-ipfs is affected by a path traversal that can occur when retrieving DAGs that contain relative paths. It can cause files to be overwritten or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG.
Recommendations:
For go-ipfs versions prior to 0.8.0-rc1, upgrade to go-ipfs 0.8 or later to resolve the issue. As a temporary workaround, consider avoiding the use of ipfs get on affected DAGs until the issue is resolved.
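The kind of containment check that stops the traversal described above, as an added Go example (not go-ipfs's own code and not its actual fix): each entry path is resolved under the output directory and rejected if it would leave it. The names safeJoin and checkEntries and the sample entry paths are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// safeJoin resolves an entry path taken from a DAG under outDir and rejects
// any path that would land outside it. The check is lexical only: it does not
// follow symlinks that already exist inside outDir.
func safeJoin(outDir, entry string) (string, error) {
	if entry == "" || filepath.IsAbs(entry) || strings.HasPrefix(entry, "/") {
		return "", fmt.Errorf("empty or absolute entry path %q", entry)
	}
	for _, part := range strings.Split(filepath.ToSlash(entry), "/") {
		if part == ".." {
			return "", fmt.Errorf("entry %q has a parent-directory component", entry)
		}
	}
	root := filepath.Clean(outDir)
	dest := filepath.Join(root, entry)
	// Second line of defence: the cleaned result must still sit under root.
	rel, err := filepath.Rel(root, dest)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", fmt.Errorf("entry %q escapes %q", entry, outDir)
	}
	return dest, nil
}

// checkEntries returns the entry paths that must not be written to disk.
func checkEntries(outDir string, entries []string) []string {
	var rejected []string
	for _, e := range entries {
		if _, err := safeJoin(outDir, e); err != nil {
			rejected = append(rejected, e)
		}
	}
	return rejected
}

func main() {
	// Constructed sample entry names, not taken from a real DAG.
	entries := []string{"docs/readme.txt", "../outside.txt", "a/../../escape", "/etc/placeholder", "a/./b.txt"}
	for _, e := range checkEntries("out", entries) {
		fmt.Println("rejected:", e)
	}
}
```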