Downloads Resources over HTTP

2016-12-16T00:20:49
ID NODEJS:156
Type nodejs
Reporter Scott Hardy & Adam Baldwin
Modified 2016-12-16T00:20:49

Description

Overview

During installation, the go-ipfs-deps module downloads resources over plain HTTP. An attacker in a man-in-the-middle (MITM) position can tamper with those resources in transit, compromising the integrity of what the module uses, which could allow further compromise.
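To check other dependencies for the same pattern, the sketch below flags plain-HTTP URLs reachable from npm install-time lifecycle scripts. It is an added example, not code from the advisory or the go-ipfs-dep project; the function name, the sample package and its URLs are constructed for illustration, and the scan only follows `node <file>` invocations.

```javascript
// Lifecycle hooks that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];
// Plain-HTTP URLs; loopback hosts are skipped because they never cross the network.
const HTTP_URL = /http:\/\/(?!localhost\b|127\.0\.0\.1\b)[^\s'"`)<>]+/g;

// pkg: parsed package.json; files: { relativePath: sourceText } for the package.
// Hypothetical helper: returns one finding per plain-HTTP URL an install hook can reach.
function findInsecureInstallDownloads(pkg, files) {
  const findings = [];
  const scripts = pkg.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    // URLs written directly in the script command (curl/wget one-liners).
    for (const url of cmd.match(HTTP_URL) || []) {
      findings.push({ hook, file: 'package.json', line: null, url });
    }
    // JavaScript files the hook runs via `node <file>`.
    for (const m of cmd.matchAll(/\bnode\s+(?:\.\/)?([\w./-]+)/g)) {
      const name = m[1].endsWith('.js') ? m[1] : m[1] + '.js';
      const src = files[name];
      if (src === undefined) continue;
      src.split('\n').forEach((text, i) => {
        for (const url of text.match(HTTP_URL) || []) {
          findings.push({ hook, file: name, line: i + 1, url });
        }
      });
    }
  }
  return findings;
}

// Constructed sample package (not the real module's contents).
const samplePkg = {
  name: 'example-binary-dep',
  version: '1.0.0',
  // The `test` script is not an install hook, so its URL is not reported.
  scripts: { postinstall: 'node install.js', test: 'curl http://ignored.invalid/' },
};
const sampleFiles = {
  'install.js': [
    "const base = 'http://dist.example.invalid/v1.0.0/';",
    "const sums = 'https://dist.example.invalid/v1.0.0/SHA256SUMS';",
    "const dev = 'http://localhost:8080/mirror';",
  ].join('\n'),
};
console.log(findInsecureInstallDownloads(samplePkg, sampleFiles));
```

A finding means the hook fetches over an unauthenticated channel; an HTTPS URL alone is not flagged, but pinning a checksum for the downloaded artifact is still advisable.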

Remediation

Update to version 0.4.4 or greater.

References

  • <https://github.com/diasdavid/go-ipfs-dep/pull/12>