GHSA-4fg7-vxc8-qx5w
rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Blast Radius
rage🦀age🦀age🦀age🦀age🦀age🦀age🦀rage+4 moreReal-time download stats are indexed for npm and PyPI packages. This vulnerability affects crates.io packages — download data is not available via public APIs for these ecosystems.
Description
A plugin name containing a path separator may allow an attacker to execute an arbitrary binary.
Such a plugin name can be provided to the rage CLI through an attacker-controlled recipient or identity string, or to the following age APIs when the plugin feature flag is enabled:
age::plugin::Identity::from_str(or equivalentlystr::parse::<age::plugin::Identity>())age::plugin::Identity::default_for_pluginage::plugin::IdentityPluginV1::newage::plugin::Recipient::from_str(or equivalentlystr::parse::<age::plugin::Recipient>())age::plugin::RecipientPluginV1::new
On UNIX systems, a directory matching age-plugin-* needs to exist in the working directory for the attack to succeed.
The binary is executed with a single flag, either --age-plugin=recipient-v1 or --age-plugin=identity-v1. The standard input includes the recipient or identity string, and the random file key (if encrypting) or the header of the file (if decrypting). The format is constrained by the age-plugin protocol.
An equivalent issue was fixed in the reference Go implementation of age, see advisory GHSA-32gq-x56h-299c.
Thanks to ⬡-49016 for reporting this issue.
Affected Packages
| Ecosystem | Package | Vulnerable range | Fix |
|---|---|---|---|
| 🦀crates.io | rage | ≥ 0.6.0&&< 0.6.1 | 0.6.1 |
| 🦀crates.io | age | ≥ 0.6.0&&< 0.6.1 | 0.6.1 |
| 🦀crates.io | age | ≥ 0.7.0&&< 0.7.2 | 0.7.2 |
| 🦀crates.io | age | ≥ 0.8.0&&< 0.8.2 | 0.8.2 |
| 🦀crates.io | age | ≥ 0.9.0&&< 0.9.3 | 0.9.3 |
| 🦀crates.io | age | ≥ 0.10.0&&< 0.10.1 | 0.10.1 |
Detection & mitigation playbook
Open-source dependencyDetect
Scan your dependency tree (package-lock.json, pnpm-lock.yaml, requirements.txt, go.sum, etc.) for rage. O3's reachability analysis confirms whether the vulnerable code path is actually invoked in your application, so you act on real exposure instead of every transitive match.
Fix
Update rage to 0.6.1 or later, then make sure no transitive (indirect) dependency still pins the vulnerable range — O3 confirms GHSA-4fg7-vxc8-qx5w is resolved across your whole dependency graph.
Workarounds
If you can't upgrade right away: gate or disable the affected feature, validate untrusted input at the boundary, and avoid passing attacker-controlled data into the vulnerable path. O3's runtime protection blocks exploitation in production as an interim safeguard until the upgrade lands.
How O3 protects you
O3 pinpoints whether GHSA-4fg7-vxc8-qx5w is reachable in your code and exactly where to fix it, then blocks exploitation in production at runtime until the patched version is deployed.
Tailored to GHSA-4fg7-vxc8-qx5w. Runtime protection reduces exposure until a permanent patch is applied and verified — it complements patching, it doesn't replace it.
Frequently Asked Questions
Is GHSA-4fg7-vxc8-qx5w in your dependencies?
O3 detects GHSA-4fg7-vxc8-qx5w across crates.io dependencies and uses function-level reachability to confirm whether the vulnerable code path is actually reachable — not just present. No false positives.