GMS-2016-96: Downloads Resources over HTTP

December 16, 2016

During the installation process, the go-ipfs-deps module insecurely downloads resources over HTTP. This allows for a MITM attack to compromise the integrity of the resources used by this module and could allow for further compromise.

References

github.com/diasdavid/go-ipfs-dep/pull/12

Code Behaviors & Features

Detect and mitigate GMS-2016-96 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →