Description
Versions 0.1.1 or 0.1.2 of ipns are vulnerable to improper key validation. This is due to the public key verification was not being performed properly, resulting in any key being valid.
Recommendation
Update the ipns package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.1.3
- Patched version(s): 0.1.3
References
Related Issues
- Cross-site Scripting in jquery-ui - CVE-2010-5312
- nuxt Code Injection vulnerability - CVE-2023-3224
- QooxDoo XSS in Callback Parameter - CVE-2011-1714
- Denial of Service in ipfs-bitswap - Vulnerability
- Tags:
- npm
- ipns
Anything's wrong? Let us know Last updated on December 07, 2023