Description
Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). Affected versions put unwanted blocks in the blockstore, which could be used to exhaust system resources under specific conditions.
Recommendation
Update the ipfs-bitswap package to the latest compatible version. Version details:
- Affected version(s): < 0.24.1
- Patched version(s): 0.24.1
References
Related Issues
- ua-parser-js Regular Expression Denial of Service vulnerability - CVE-2020-7793
- Denial of Service (DoS) vulnerability in RSSHub - CVE-2022-31110
- tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
- Regular Expression Denial of Service in markdown - Vulnerability
Tags: npm, ipfs-bitswap
Last updated on December 07, 2023