Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2024-56327

Good to know:

icon

Date: December 19, 2024

pyrage is a set of Python bindings for the rage file encryption library (age in Rust). "pyrage" uses the Rust "age" crate for its underlying operations, and "age" is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to "pyrage" for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of "pyrage" before 1.2.0 lack plugin support and are therefore not affected. An equivalent issue was fixed in "the reference Go implementation of age" (https://github.com/FiloSottile/age), see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability.

Language: RUST

Severity Score

Related Resources (7)

https://github.com/woodruffw/pyrage/security/advisories/GHSA-47h8-jmp3-9f28
https://github.com/woodruffw/pyrage
https://github.com/FiloSottile/age/security/advisories/GHSA-32gq-x56h-299c
https://github.com/advisories/GHSA-4fg7-vxc8-qx5w
https://github.com/str4d/rage/security/advisories/GHSA-4fg7-vxc8-qx5w
https://nvd.nist.gov/vuln/detail/CVE-2024-56327
https://www.mend.io/vulnerability-database/CVE-2024-56327

Severity Score

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Path Traversal: '/../filedir'

CWE-25

Dependency on Vulnerable Third-Party Component

CWE-1395

Top Fix

icon

Upgrade Version

Upgrade to version pyrage - 1.2.3

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): HIGH
Integrity (I): HIGH
Availability (A): HIGH

Do you need more information?

Contact Us