Add CVE-2020-26283 for GHSA-r4gv-vj59-cccm

2025-08-04 08:44:25 +00:00 · 2021-03-24 14:27:32 -06:00 · 2021-03-24 14:27:32 -06:00 · 22bf783adf
commit 22bf783adf
parent 577578ea1e
1 changed files with 81 additions and 6 deletions
--- a/2020/26xxx/CVE-2020-26283.json
+++ b/2020/26xxx/CVE-2020-26283.json
@ -1,18 +1,93 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
    "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2020-26283",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Control character injection in console output"
    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "go-ipfs",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 0.8.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "ipfs"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem.  In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0."
            }
        ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "NETWORK",
+            "availabilityImpact": "NONE",
+            "baseScore": 6.8,
+            "baseSeverity": "MEDIUM",
+            "confidentialityImpact": "NONE",
+            "integrityImpact": "HIGH",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-116 Improper Encoding or Escaping of Output"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm"
+            },
+            {
+                "name": "https://github.com/ipfs/go-ipfs/pull/7831",
+                "refsource": "MISC",
+                "url": "https://github.com/ipfs/go-ipfs/pull/7831"
+            },
+            {
+                "name": "https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a",
+                "refsource": "MISC",
+                "url": "https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-r4gv-vj59-cccm",
+        "discovery": "UNKNOWN"
    }
 }