CVE-2024-56327

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56327

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56327.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56327

Aliases

GHSA-47h8-jmp3-9f28

Related

Published

2024-12-19T23:15:07Z

Modified

2025-01-15T05:16:50.248936Z

Summary

[none]

Details

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). pyrage uses the Rust age crate for its underlying operations, and age is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to pyrage for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of pyrage before 1.2.0 lack plugin support and are therefore not affected. An equivalent issue was fixed in the reference Go implementation of age, see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/filosottile/age

Affected ranges

Type: GIT
Repo: https://github.com/filosottile/age
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

bbe6ce5eeb1bb70cfc705d0961c943f0dd637ffd

Type: GIT
Repo: https://github.com/woodruffw/pyrage
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ec398c4a38a1d2e184458c96153df89e606b0ba5

Affected versions

v0.*

v0.1.1-rc.1

v0.1.1-rc.2

v1.*

v1.0.0

v1.0.0-beta1

v1.0.0-beta2

v1.0.0-beta3

v1.0.0-beta4

v1.0.0-beta5

v1.0.0-beta6

v1.0.0-beta7

v1.0.0-rc.1

v1.0.0-rc.2

v1.0.0-rc.3

v1.0.1

v1.0.1-rc.1

v1.0.1-rc.2

v1.0.1-rc.3

v1.0.1-rc.4

v1.0.1-rc.5

v1.0.1-rc.6

v1.0.1-rc.7

v1.0.2

v1.0.2-rc.1

v1.0.2-rc.2

v1.0.3

v1.0.3-rc.1

v1.0.3-rc.2

v1.1.0

v1.1.0-rc.1

v1.1.1

v1.1.2

v1.1.3-rc.1