Panic in encoding in github.com/ipld/go-ipld-prime
Overview
Source
ID
GO-2023-1269
Aliases
CVE-2023-22460
GHSA-c653-6hhg-9x92
Affected package
Description
Encoding data that contains a 'Bytes' type Node with the 'json' codec causes the encoder to panic. The decoder is not impacted. If the codec is used to encode user-supplied data, this may be used as a vector for a denial-of-service attack.
Summary
1.12k
Total packages affected
Packages with at least one version that is affected by the advisory or has an affected dependency.
146
Packages with a known fix
Packages with versions affected by the advisory that have a greater version that is not affected.
0.08%
Total ecosystem affected
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.19.0