High severity · NVD Advisory · Published Aug 12, 2021 · Updated Aug 4, 2024
CVE-2021-38599
Description
WAL-G before 1.1, when a non-libsodium build (e.g., one of the official binary releases published as GitHub Releases) is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to encrypt all file activity."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/wal-g/wal-g (Go) | < 1.1 | 1.1 |
Affected products
- WAL-G/WAL-G
References
- github.com/advisories/GHSA-vrmr-f2qh-3hhf (advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-38599 (advisory)
- github.com/wal-g/wal-g/commit/cadf598e1c2a345915a21a44518c5a4d5401e2e3
- github.com/wal-g/wal-g/pull/1062
- github.com/wal-g/wal-g/releases/tag/v1.1