CVE-2023-22460

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-22460
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22460.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-22460
Aliases
Related
Published
2023-01-04T15:15:09Z
Modified
2025-02-19T03:30:39.383132Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. Encoding data that contains a Bytes kind Node passes a Bytes token to the JSON encoder, which panics because it does not expect to receive Bytes tokens. Such an encode should be treated as an error, as plain JSON should not be able to encode Bytes. This only impacts uses of the json codec. dag-json is not impacted. Use of json as a decoder is not impacted. This issue is fixed in v0.19.0. As a workaround, one may prefer the dag-json codec, which has the ability to encode bytes.

References

Affected packages

Git / github.com/ipld/go-ipld-prime

Affected ranges

Type
GIT
Repo
https://github.com/ipld/go-ipld-prime
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed

Affected versions

v0.*

v0.0.1
v0.0.1-filecoin
v0.0.2
v0.0.3
v0.10.0
v0.11.0
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.16.0
v0.17.0
v0.18.0
v0.4
v0.4.0
v0.5
v0.5.0
v0.6.0
v0.7.0
v0.9.0