GHSA-6fcr-9h9g-23fq

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Denial of Service in ipfs-bitswap

Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package put unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions.

Recommendation

Upgrade to version 0.24.1 or later.

Ссылки

https://github.com/ipfs/js-ipfs-bitswap/pull/194
https://snyk.io/vuln/SNYK-JS-IPFSBITSWAP-174847
https://www.npmjs.com/advisories/916

Пакеты

Наименование

ipfs-bitswap

npm

Затронутые версииВерсия исправления

< 0.24.1

0.24.1

5.9 Medium

CVSS3

Дефекты

CWE-400

5.9 Medium

CVSS3

Дефекты

CWE-400