43 matches found
EUVD-2019-0287
Malware in sbrugna...
EUVD-2021-1239
Malware in sbrugna...
EUVD-2021-1391
Malware in sbrugna...
EUVD-2024-1286
Malicious code in bioql PyPI...
GHSA-F26W-GH5M-QQ77 vulnerabilities
Vulnerabilities for packages: ipfs-cluster-fips, go-ipfs-fips, ipfs, k3s...
CVE-2025-49140 vulnerabilities
Vulnerabilities for packages: ipfs-cluster-fips, go-ipfs-fips, ipfs, k3s...
CVE-2020-10937
An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...
CVE-2020-26283
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown,...
CVE-2020-26279
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...
CVE-2024-53259 vulnerabilities
Vulnerabilities for packages: teleport, traefik-fips, q, buf, caddy-fips, kubernetes-dns-node-cache, go-ipfs-fips, k3s, ipfs, kubernetes-dns-node-cache-fips, eks-distro, eks-distro-fips, cloudflared, coredns, caddy, spegel, coredns-fips, frp, traefik...
GO-2022-0418 Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs
Opened exploitable ports in default docker-compose.yaml in go-ipfs in github.com/ipfs/go-ipfs...
GHSA-R23H-3JMW-Q7HR Access Restriction Bypass in go-ipfs
An issue was discovered in IPFS aka go-ipfs 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later...
Denial Of Service
go-ipfs nodes are vulnerable to Denial of Service when importing malformed CAR files. Importing a malformed CAR can exhaust all available memory...
GHSA-F2GR-7299-487H DOS and excessive memory usage when passing untrusted user input to dag import
Impact: go-ipfs nodes crash when trying to import certain malformed CAR files due to an issue in the go-car dependency. This impacts nodes running ipfs dag import on untrusted user inputs, for example, pinning services with a car ingest endpoint. This includes the corresponding HTTP RPC API...
DOS and excessive memory usage when passing untrusted user input to dag import
Impact: go-ipfs nodes crash when trying to import certain malformed CAR files due to an issue in the go-car dependency. This impacts nodes running ipfs dag import on untrusted user inputs, for example, pinning services with a car ingest endpoint. This includes the corresponding HTTP RPC API...
Denial Of Service (DoS)
go-ipfs is vulnerable to denial of service. The use of a go-codec-dagpb dependency with an issue allows an external user who downloads or exports data to traverse certain malformed graphs and cause an application crash...
Path traversal in github.com/ipfs/go-ipfs
Impact: It is currently possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when ipfs get is done on an affected DAG. 1. The only affected command is...
GHSA-27PV-Q55R-222G Path traversal in github.com/ipfs/go-ipfs
Impact: It is currently possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when ipfs get is done on an affected DAG. 1. The only affected command is...
Path Traversal
github.com/ipfs/go-ipfs is vulnerable to path traversal. The use of whyrusleeping/tar-utils, which fails to validate tarPath when a get is done on a malicious DAG file, allows overwriting of files or writing to incorrect destination folders during retrieval...
CVE-2020-26279
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0-rc1, it is possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written t...