CVE-2024-56327
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-56327
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56327.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-56327
- Aliases
- Downstream
- Related
- Published
- 2024-12-19T22:24:37.174Z
- Modified
- 2025-11-20T12:31:30.315155Z
- Severity
-
- 7.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Malicious plugin names, recipients, or identities can cause arbitrary binary execution in pyrage
- Details
-
pyrage is a set of Python bindings for the rage file encryption library (age in Rust).
pyrageuses the Rustagecrate for its underlying operations, andageis vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant topyragefor the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions ofpyragebefore 1.2.0 lack plugin support and are therefore not affected. An equivalent issue was fixed in the reference Go implementation of age, see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability. - Database specific
{ "cwe_ids": [ "CWE-94" ] }- References