Skip to content

Control character injection in console output

Low
jacobheun published GHSA-r4gv-vj59-cccm Mar 24, 2021

Package

https://github.com/ipfs/go-ipfs (GitHub)

Affected versions

<0.8.0

Patched versions

0.8.0

Description

Impact

Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.

Patches

Workarounds

Upgrade to go-ipfs 0.8.0 or later.

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2020-26283

Weaknesses

No CWEs

Credits