GMS-2022-651: Opened exploitable ports in default docker-compose.yaml

April 4, 2022 (updated February 20, 2023)

Allows admin API access to the IPFS node.

References

github.com/advisories/GHSA-fx5p-f64h-93xc
github.com/ipfs/go-ipfs/commit/816a128aaf963d72c4930852ce32b9a4e31924a1
github.com/ipfs/go-ipfs/pull/8773
github.com/ipfs/go-ipfs/releases/tag/v0.12.1
github.com/ipfs/go-ipfs/security/advisories/GHSA-fx5p-f64h-93xc

Code Behaviors & Features

Detect and mitigate GMS-2022-651 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →