age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary. Such a plugin name can be provided to the age CLI through an attacker-controlled recipient or identity string, or to the plugin.NewIdentity, plugin.NewIdentityWithoutData, or plugin.NewRecipient APIs. On UNIX systems, a directory matching ${TMPDIR:-/tmp}/age-plugin-* needs to exist for the attack to succeed. The binary is executed with a single flag, either –age-plugin=recipient-v1 or –age-plugin=identity-v1. The …