{"url":"http://public2.vulnerablecode.io/api/packages/150381?format=json","purl":"pkg:apk/alpine/go-ipfs@0.8.0-r0?arch=armv7&distroversion=v3.15&reponame=community","type":"apk","namespace":"alpine","name":"go-ipfs","version":"0.8.0-r0","qualifiers":{"arch":"armv7","distroversion":"v3.15","reponame":"community"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44962?format=json","vulnerability_id":"VCID-76y9-vs4j-d7d8","summary":"Path traversal in github.com/ipfs/go-ipfs\n### Impact\nIt is currently possible for path traversal to occur with DAGs containing relative paths during retrieval. This can cause files to be overwritten, or written to incorrect output directories. The issue can only occur when `ipfs get` is done on an affected DAG.\n\n1. The only affected command is `ipfs get`.\n2. The gateway is not affected.\n\n### Patches\nTraversal fix patched in https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227\n`tar-utils` patch applied to go-ipfs via https://github.com/ipfs/go-ipfs/commit/b7ddba7fe47dee5b1760b8ffe897908417e577b2\n\n### Workarounds\nUpgrade to go-ipfs 0.8 or later.\n\n### References\nBinaries for the patched versions of go-ipfs are available on the IPFS distributions site, https://dist.ipfs.io/go-ipfs\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-ipfs](https://github.com/ipfs/go-ipfs)\n* Email us at [security@ipfs.io](mailto:security@ipfs.io)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26279","reference_id":"","reference_type":"","scores":[{"value":"0.01624","scoring_system":"epss","scoring_elements":"0.82159","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26279"},{"reference_url":"https://github.com/ipfs/go-ipfs/commit/b7ddba7fe47dee5b1760b8ffe897908417e577b2","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ipfs/go-ipfs/commit/b7ddba7fe47dee5b1760b8ffe897908417e577b2"},{"reference_url":"https://github.com/ipfs/go-ipfs/security/advisories/GHSA-27pv-q55r-222g","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ipfs/go-ipfs/security/advisories/GHSA-27pv-q55r-222g"},{"reference_url":"https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/whyrusleeping/tar-utils/commit/20a61371de5b51380bbdb0c7935b30b0625ac227"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26279","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26279"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150381?format=json","purl":"pkg:apk/alpine/go-ipfs@0.8.0-r0?arch=armv7&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go-ipfs@0.8.0-r0%3Farch=armv7&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2020-26279","GHSA-27pv-q55r-222g"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-76y9-vs4j-d7d8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45056?format=json","vulnerability_id":"VCID-f3qx-ssp8-c7et","summary":"Control character injection in console output in github.com/ipfs/go-ipfs\n### Impact\nControl characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action.\n\n### Patches\n<!-- _Has the problem been patched? What versions should users upgrade to?_  -->\n\n- Patched via https://github.com/ipfs/go-ipfs/pull/7831 in v0.8.0\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-ipfs](http://github.com/ipfs/go-ipfs)\n* Email us at [security@ipfs.io](mailto:security@ipfs.io)","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26283","reference_id":"","reference_type":"","scores":[{"value":"0.00858","scoring_system":"epss","scoring_elements":"0.75301","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26283"},{"reference_url":"https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ipfs/go-ipfs/commit/fb0a9acd2d8288bd1028c3219a420de62a09683a"},{"reference_url":"https://github.com/ipfs/go-ipfs/pull/7831","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ipfs/go-ipfs/pull/7831"},{"reference_url":"https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/ipfs/go-ipfs/security/advisories/GHSA-r4gv-vj59-cccm"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26283","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-26283"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/150381?format=json","purl":"pkg:apk/alpine/go-ipfs@0.8.0-r0?arch=armv7&distroversion=v3.15&reponame=community","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go-ipfs@0.8.0-r0%3Farch=armv7&distroversion=v3.15&reponame=community"}],"aliases":["CVE-2020-26283","GHSA-r4gv-vj59-cccm"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3qx-ssp8-c7et"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/go-ipfs@0.8.0-r0%3Farch=armv7&distroversion=v3.15&reponame=community"}