The Data, Context, or Key finalizers might run during or before GPGME operations. This will release the C structures that are still in use, leading to crashes and potentially code execution through a use-after-free.
{ "imports": [ { "path": "github.com/proglottis/gpgme" } ] }
{ "url": "https://pkg.go.dev/vuln/GO-2020-0002" }