GMS-2020-299: Denial of Service in ipfs-bitswap

September 2, 2020 (updated September 27, 2021)

Versions of ipfs-bitswap are vulnerable to Denial of Service (DoS). The package put unwanted blocks in the blockstore, which could be used to exhaust system resources in specific conditions. Upgrade to or later.

References

github.com/advisories/GHSA-6fcr-9h9g-23fq
github.com/ipfs/js-ipfs-bitswap/pull/194
snyk.io/vuln/SNYK-JS-IPFSBITSWAP-174847
www.npmjs.com/advisories/916

Code Behaviors & Features

Detect and mitigate GMS-2020-299 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →