CVE-2020-26279

Опубликовано: 24 мар. 2021

Источник: nvd

CVSS3: 7.7

CVSS3: 8.1

CVSS2: 5.5

EPSS Низкий

Описание

go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when a get is done on an affected DAG. This is fixed in version 0.8.0-rc1.

Ссылки

https://github.com/ipfs/go-ipfs/commit/b7ddba7fe47dee5b1760b8ffe897908417e577b2
Patch
Third Party Advisory
https://github.com/ipfs/go-ipfs/security/advisories/GHSA-27pv-q55r-222g
Third Party Advisory
https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227
Patch
Third Party Advisory
https://github.com/ipfs/go-ipfs/commit/b7ddba7fe47dee5b1760b8ffe897908417e577b2
Patch
Third Party Advisory
https://github.com/ipfs/go-ipfs/security/advisories/GHSA-27pv-q55r-222g
Third Party Advisory
https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:protocol:go-ipfs:*:*:*:*:*:*:*:*

Версия до 0.7.0 (включая)

EPSS

Процентиль: 81%

0.01624

Низкий

7.7 High

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

CVE-2020-26279

CVSS3: 7.7

debian

больше 4 лет назад

go-ipfs is an open-source golang implementation of IPFS which is a glo ...

GHSA-27pv-q55r-222g

CVSS3: 7.7

github

около 4 лет назад

Path traversal in github.com/ipfs/go-ipfs

EPSS

Процентиль: 81%

0.01624

Низкий

7.7 High

CVSS3

8.1 High

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-22