Panic in encoding in github.com/ipld/go-ipld-prime

Overview

Source
ID: GO-2023-1269
Aliases: CVE-2023-22460, GHSA-c653-6hhg-9x92

Description

Using the 'json' codec to encode data that contains a 'Bytes' type Node will cause the encoder to panic. The decoder is not impacted. If the codec is used to encode user-supplied data, this may be used as a vector for a denial of service attack.

Summary

Total packages affected: 1.12k
Packages with at least one version that is affected by the advisory or has an affected dependency.

Packages with a known fix: 146
Packages with versions affected by the advisory that have a greater version that is not affected.

Total ecosystem affected: 0.08%
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).

Affected Version: Introduced: 0, Fixed: 0.19.0
Affected