You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
"summary": "pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution",
"details": "`pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w.\n\nAll details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details.\n\nVersions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**.\n\nAn equivalent issue was fixed in [the reference Go implementation of age](https://github.com/FiloSottile/age), see advisory [GHSA-32gq-x56h-299c](https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c).\n\nThanks to ⬡-49016 for reporting this issue.",
