Control character injection in console output
Package
https://github.com/ipfs/go-ipfs
(GitHub)
Affected versions
<0.8.0
Patched versions
0.8.0
Description
Credits
-
tintinweb Analyst
tintinweb
Analyst
Impact
Control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.
Patches
Workarounds
Upgrade to go-ipfs 0.8.0 or later.
For more information
If you have any questions or comments about this advisory: