Description
Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package stored unwanted blocks in the blockstore, which could be used to exhaust system resources under specific conditions.
Recommendation
Update the ipfs-bitswap package to the latest compatible version. Version details:
- Affected version(s): < 0.24.1
- Patched version(s): 0.24.1
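
To find installs that still need the update, the following added example (not part of the original advisory or of the ipfs-bitswap project) scans a parsed package-lock.json for ipfs-bitswap versions below 0.24.1, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration.

```javascript
// Find ipfs-bitswap installs below the patched 0.24.1 in a parsed package-lock.json.
const PKG = 'ipfs-bitswap';
const PATCHED = [0, 24, 1];

// Parse "major.minor.patch[-prerelease]"; returns null for non-semver strings (git URLs, tarballs).
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m ? { nums: [Number(m[1]), Number(m[2]), Number(m[3])], pre: Boolean(m[4]) } : null;
}

// True when the version sorts before 0.24.1 (a prerelease of 0.24.1 counts as before it).
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null; // unknown format: needs manual review
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== PATCHED[i]) return p.nums[i] < PATCHED[i];
  }
  return p.pre;
}

// Walk both lockfile layouts: "packages" (lockfileVersion 2/3) and nested "dependencies" (lockfileVersion 1).
function findInstalls(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === `node_modules/${PKG}` || path.endsWith(`/node_modules/${PKG}`)) {
      hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
    }
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const here = `${trail}${name}`;
      if (name === PKG) hits.push({ path: here, version: meta.version, affected: isAffected(meta.version) });
      walk(meta.dependencies, `${here} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, ''); // v2 files duplicate this data, so avoid double counting
  return hits;
}

// Constructed sample lockfile (not from a real project): a patched top-level copy and an affected nested copy.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/ipfs-bitswap': { version: '0.24.1' },
    'node_modules/ipfs/node_modules/ipfs-bitswap': { version: '0.23.0' },
  },
};
console.log(findInstalls(sampleLock));
```

On a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `findInstalls`; any entry with `affected` set to `true` or `null` needs attention.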
Last updated on December 07, 2023