CVE-2020-26283: Control character injection in console output
First published: Wed Mar 24 2021(Updated: )
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| go-ipfs | <0.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-26283?
CVE-2020-26283 has a severity rating that can vary but is considered to be moderate due to its potential impact on user input visibility.
How do I fix CVE-2020-26283?
To fix CVE-2020-26283, upgrade to go-ipfs version 0.8.0 or later, where the issue has been addressed.
What are the consequences of CVE-2020-26283?
The consequences of CVE-2020-26283 include the risk of user input being obscured due to unescaped control characters in console output.
Which versions of go-ipfs are affected by CVE-2020-26283?
CVE-2020-26283 affects all versions of go-ipfs prior to version 0.8.0.
Is CVE-2020-26283 a remote code execution vulnerability?
CVE-2020-26283 is not a remote code execution vulnerability but rather a local issue affecting console output visibility.
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/protocol
- canonical/go-ipfs