A vulnerability has been discovered in borgmatic, which can lead to shell injection.
Package | app-backup/borgmatic on all architectures |
---|---|
Affected versions | < 1.8.8 |
Unaffected versions | >= 1.8.8 |
borgmatic is simple, configuration-driven backup software for servers and workstations.
The fixed release prevents shell injection attacks within the PostgreSQL hook, the MongoDB hook, the SQLite hook, the "borgmatic borg" action, and command hook variable/constant interpolation.
Shell injection may be used in several borgmatic backends to execute arbitrary code.
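The class of bug described above, as an added example (not borgmatic's code and not part of the advisory): a hook command template is filled once with the raw value and once with `shlex.quote`, then run through `sh`, and finally run as an argument list with no shell. The template, the `{database}` placeholder name and the sample value are constructed for illustration.

```python
import re
import shlex
import subprocess

# Hypothetical placeholder syntax for this example: {name}
PLACEHOLDER = re.compile(r"\{(\w+)\}")


def interpolate_unsafe(template: str, variables: dict) -> str:
    """Paste raw values into the command line (the injectable pattern)."""
    return PLACEHOLDER.sub(lambda m: str(variables[m.group(1)]), template)


def interpolate_quoted(template: str, variables: dict) -> str:
    """Shell-quote every value so it stays a single argument."""
    return PLACEHOLDER.sub(
        lambda m: shlex.quote(str(variables[m.group(1)])), template
    )


def run_hook(command: str) -> list:
    """Run a hook line through sh and return its stdout lines."""
    result = subprocess.run(
        ["sh", "-c", command], capture_output=True, text=True, check=True
    )
    return result.stdout.splitlines()


def run_without_shell(argv: list) -> list:
    """No shell involved: each list element is exactly one argument."""
    result = subprocess.run(argv, capture_output=True, text=True, check=True)
    return result.stdout.splitlines()


# Constructed sample: a hook template and a value holding a shell metacharacter.
HOOK = "printf 'dumping %s\\n' {database}"
VALUES = {"database": "app.db; echo INJECTED"}

if __name__ == "__main__":
    # Raw interpolation: the ';' ends printf and a second command runs.
    print(run_hook(interpolate_unsafe(HOOK, VALUES)))
    # Quoted interpolation: the whole value reaches printf as one argument.
    print(run_hook(interpolate_quoted(HOOK, VALUES)))
    # Argument list, no shell: nothing interprets the ';' at all.
    print(run_without_shell(["printf", "dumping %s\\n", VALUES["database"]]))
```

When reviewing local hook scripts or wrappers, the same comparison applies: any value that reaches a shell command line unquoted is an injection point, while quoted values and argument lists are not.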
There is no known workaround at this time.
All borgmatic users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-backup/borgmatic-1.8.8"
Release date | May 05, 2024 |
---|---|
Latest revision | May 05, 2024: 1 |
Severity | high |
Exploitable | remote |
Bugzilla entries