Loading HuntDB...

GHSA-g3xp-v2ff-x5c3

GitHub Security Advisory

Downloads Resources over HTTP in go-ipfs-dep

✓ GitHub Reviewed HIGH Has CVE

Advisory Details

Affected versions of `go-ipfs-deps` insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read such resources at will. While the exact severity of impact for a vulnerability like this is highly variable and depends on the behavior of the package itself, it ranges from being able to read sensitive information all the way up to and including remote code execution.

## Recommendation

Update to version 0.4.4 or later.

Affected Packages

npm go-ipfs-dep
Affected versions: 0 (fixed in 0.4.4)

Related CVEs

Key Information

GHSA ID
GHSA-g3xp-v2ff-x5c3
Published
February 18, 2019 11:54 PM
Last Modified
August 31, 2020 6:12 PM
CVSS Score
7.5 /10
Primary Ecosystem
npm
Primary Package
go-ipfs-dep
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.