Description
Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package put unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions.
Recommendation
Update the ipfs-bitswap package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.24.1
- Patched version(s): 0.24.1
References
Related Issues
- Cross-site Scripting in jquery-ui - CVE-2010-5312
- nuxt Code Injection vulnerability - CVE-2023-3224
- QooxDoo XSS in Callback Parameter - CVE-2011-1714
- Improper Key Verification in ipns - Vulnerability
- Tags:
- npm
- ipfs-bitswap
Anything's wrong? Let us know Last updated on December 07, 2023