Filippo Valsorda :go: on Nostr: age v1.2.1 fixes a security vulnerability in the CLI and in the plugin Go package. An ...
age v1.2.1 fixes a security vulnerability in the CLI and in the plugin Go package.
An attacker that controls a recipient, identity, or plugin name could cause age to execute arbitrary binaries. On Linux and macOS, the attacker needs some control over $TMPDIR.
Advisory: https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c
Release: https://github.com/FiloSottile/age/releases/tag/v1.2.1
Also fixed in rage: https://github.com/str4d/rage/security/advisories/GHSA-4fg7-vxc8-qx5w
Thanks to ⬡-49016 for reporting this!
An attacker that controls a recipient, identity, or plugin name could cause age to execute arbitrary binaries. On Linux and macOS, the attacker needs some control over $TMPDIR.
Advisory: https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c
Release: https://github.com/FiloSottile/age/releases/tag/v1.2.1
Also fixed in rage: https://github.com/str4d/rage/security/advisories/GHSA-4fg7-vxc8-qx5w
Thanks to ⬡-49016 for reporting this!