Gentoo Foundation, GLSA-202405-13
May 05, 2024 - 12:00 a.m.

borgmatic: Shell Injection

security.gentoo.org

AI Score: 8.3 High (Confidence: Low)

Background

borgmatic is simple, configuration-driven backup software for servers and workstations.

Description

Prevent shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the “borgmatic borg” action, and command hook variable/constant interpolation.

Impact

Shell injection may be used in several borgmatic backends to execute arbitrary code.
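The command hook variable interpolation case named in the Description, shown as an added example that is not borgmatic's own code: a value pasted unquoted into a shell string is contrasted with the same value passed through shlex.quote first. The {repository} placeholder, the function names and the sample value are assumptions made for illustration, and the only command that runs is a harmless echo.

```python
import shlex
import subprocess

# Constructed sample: a hook command template and a value that reaches it
# from configuration. Both are illustrative, not taken from borgmatic.
HOOK_TEMPLATE = "echo starting backup of {repository}"
CONFIG_VALUES = {"repository": "offsite; echo INJECTED"}


def interpolate_raw(template, variables):
    """Vulnerable pattern: values are pasted into the shell string as-is."""
    for name, value in variables.items():
        template = template.replace("{" + name + "}", str(value))
    return template


def interpolate_quoted(template, variables):
    """Hardened pattern: every value is shell-quoted before substitution."""
    for name, value in variables.items():
        template = template.replace("{" + name + "}", shlex.quote(str(value)))
    return template


def run_hook(command):
    """Run the command through /bin/sh and return its output lines."""
    result = subprocess.run(
        command, shell=True, capture_output=True, text=True, check=True
    )
    return result.stdout.splitlines()


def compare():
    """Return (raw_output, quoted_output) for the constructed sample."""
    raw = run_hook(interpolate_raw(HOOK_TEMPLATE, CONFIG_VALUES))
    quoted = run_hook(interpolate_quoted(HOOK_TEMPLATE, CONFIG_VALUES))
    return raw, quoted


if __name__ == "__main__":
    raw, quoted = compare()
    print("raw:   ", raw)     # two lines: the shell ran a second command
    print("quoted:", quoted)  # one line: the value stayed a single argument
```

Quoting only holds when the placeholder is not already wrapped in quotes inside the template; where no shell features are needed, passing an argument list without a shell removes the problem entirely.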

Workaround

There is no known workaround at this time.

Resolution

All borgmatic users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-backup/borgmatic-1.8.8"

| OS | OS Version | Architecture | Package | Package Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | app-backup/borgmatic | < 1.8.8 | UNKNOWN |
