Description
Versions of ipfs-bitswap prior to 0.24.1 are vulnerable to Denial of Service (DoS). The package put unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions.
Recommendation
Update the ipfs-bitswap package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.24.1
- Patched version(s): 0.24.1
References
Related Issues
- tarteaucitron.js has Regular Expression Denial of Service (ReDoS) vulnerability - CVE-2026-22809
- Denial of Service in rgb2hex - Vulnerability
- CommonRegexJS Regular Expression Denial of Service vulnerability - CVE-2020-26305
- Regular Expression Denial of Service in millisecond - Vulnerability
You might also like:
- Tags:
- npm
- ipfs-bitswap
Anything's wrong? Let us know Last updated on December 07, 2023


