GO-2024-3344
- Source
- https://pkg.go.dev/vuln/GO-2024-3344
- Import Source
- https://vuln.go.dev/ID/GO-2024-3344.json
- JSON Data
- https://api.osv.dev/v1/vulns/GO-2024-3344
- Aliases
- Related
- Published
- 2024-12-20T20:36:46Z
- Modified
- 2024-12-20T21:13:27.476853Z
- Summary
- Malicious plugin names, recipients, or identities causing arbitrary binary execution in filippo.io/age
- Details
-
Malicious plugin names, recipients, or identities causing arbitrary binary execution in filippo.io/age
- Database specific
{ "url": "https://pkg.go.dev/vuln/GO-2024-3344", "review_status": "REVIEWED" }- References
- Credits
-
-
- ⬡-49016
-
Affected packages
Go / filippo.io/age
Package
- Name
- filippo.io/age
- View open source insights on deps.dev
- Purl
- pkg:golang/filippo.io/age
Affected ranges
- Type
- SEMVER
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.2.1
Ecosystem specific
{
"imports": [
{
"symbols": [
"EncodeIdentity",
"EncodeRecipient",
"Identity.Unwrap",
"NewIdentity",
"NewIdentityWithoutData",
"NewRecipient",
"ParseIdentity",
"ParseRecipient",
"Recipient.Wrap",
"Recipient.WrapWithLabels",
"openClientConnection"
],
"path": "filippo.io/age/plugin"
}
]
}