Upgrade go.mozilla.org/sops/v3/cmd/sops to version 3.7.1 or higher.
Affected versions of this package are vulnerable to Arbitrary Code Execution. Windows users using the sops direct editor option (sops file.yaml) can have a local executable named either vi, vim, or nano executed if running sops from cmd.exe.
This attack is only viable if an attacker is able to place a malicious binary within the directory from which you are running sops. Also, this attack is only possible when using cmd.exe or the Windows C library SearchPath function. This is a result of these Windows tools including . (the current directory) within their PATH by default.
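
A defensive lookup that matches the conditions above, as an added Go example that is not sops's own code: safeLookPath and pickEditor are hypothetical helpers that resolve vi, vim or nano only from absolute PATH directories, so a binary sitting in the working directory is never selected.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// safeLookPath (hypothetical helper, not sops code) resolves a bare command
// name against pathEnv but never against the working directory: empty, "."
// and other relative entries are skipped. exts holds the extensions to try
// (PATHEXT entries on Windows, [""] elsewhere).
func safeLookPath(name, pathEnv string, exts []string) (string, error) {
	if filepath.Base(name) != name {
		return "", errors.New("editor must be a bare command name")
	}
	for _, dir := range filepath.SplitList(pathEnv) {
		if !filepath.IsAbs(dir) {
			continue // would resolve relative to the current directory
		}
		for _, ext := range exts {
			candidate := filepath.Join(dir, name+ext)
			if fi, err := os.Stat(candidate); err == nil && fi.Mode().IsRegular() {
				return candidate, nil
			}
		}
	}
	return "", fmt.Errorf("%s: not found in an absolute PATH directory", name)
}

// pickEditor tries the editor names listed in the advisory, in that order.
func pickEditor(pathEnv string, exts []string) (string, error) {
	for _, name := range []string{"vi", "vim", "nano"} {
		if p, err := safeLookPath(name, pathEnv, exts); err == nil {
			return p, nil
		}
	}
	return "", errors.New("no editor found outside the working directory")
}

func main() {
	exts := []string{""}
	if os.PathSeparator == '\\' { // Windows: honour PATHEXT (.EXE, .BAT, ...)
		exts = filepath.SplitList(os.Getenv("PATHEXT"))
	}
	p, err := pickEditor(os.Getenv("PATH"), exts)
	fmt.Println(p, err)
}
```

The helper only drops implicit and relative entries; a PATH that lists the working directory by its absolute path is still honoured.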