4 matches found

vulnersOsv
added 2019/02/18 11:54 p.m., 4 views

@dapp-stack/ipfs (>=0.1.0 <=0.5.0), @dapp-stack/scripts (>=0.1.0 <=0.3.0) +6 more potentially affected by CVE-2016-10563 via go-ipfs-dep (>=0.4.0-1 <=0.4.3-2)

go-ipfs-dep NPM version =0.4.0-1, =0.1.0, =0.1.0, =0.1.0, =1.0.2, =1.0.0, =0.4.0-hacky2, =0.9.0, =1.0.0, =1.6.0 Source cves: CVE-2016-10563 Source advisory: OSV:GHSA-G3XP-V2FF-X5C3...

CVSS 8.1, AI score 7.2, EPSS 0.00773
Exploits: 0

OSV
added 2019/02/18 11:54 p.m., 21 views

GHSA-G3XP-V2FF-X5C3 Downloads Resources over HTTP in go-ipfs-dep

Affected versions of go-ipfs-deps insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

CVSS 8.1, AI score 8.1, EPSS 0.00773
Exploits: 0, References: 4

Github Security Blog
added 2019/02/18 11:54 p.m., 19 views

Downloads Resources over HTTP in go-ipfs-dep

Affected versions of go-ipfs-deps insecurely download resources over HTTP. In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the...

CVSS 8.1, AI score 5.6, EPSS 0.00773
Exploits: 0, References: 4, Affected Software: 1

Veracode
added 2016/12/19 8:34 a.m., 16 views

Man In The Middle (MitM)

go-ipfs-dep is vulnerable to man-in-the-middle (MitM) attacks. This is because the library downloads binaries via HTTP, allowing MitM attacks. It may also cause remote code execution (RCE) by swapping out the requested binary with an attacker-controlled binary if the attacker is on the network or...

CVSS 8.1, AI score 8.3, EPSS 0.00773
Exploits: 0, References: 3, Affected Software: 1