GHSA-x5c7-x7m2-rhmf: 
vulnerability analysis and mitigation

A local directory executable lookup vulnerability was discovered in SOPS (Simple and Flexible Secret Management), affecting Windows systems using versions prior to 3.7.1. The vulnerability was published on April 22, 2021, and primarily impacts Windows users utilizing the SOPS direct editor option. The issue was assigned the identifier GHSA-x5c7-x7m2-rhmf and was classified as a low-severity vulnerability (GitHub Advisory).

The vulnerability stems from how SOPS handles executable lookups when using the direct editor option (sops file.yaml) on Windows systems. The issue specifically occurs when running SOPS from cmd.exe or when using the Windows C library SearchPath function, as these tools include the current directory (.) within their PATH by default. This behavior could potentially allow the execution of local binaries named vi, vim, or nano (GitHub Advisory).

The vulnerability's impact is limited to scenarios where an attacker can place a malicious binary within the directory where SOPS is being executed. The risk is specifically tied to Windows environments using cmd.exe or systems that have the current directory (.) in their default PATH (GitHub Advisory).

The vulnerability has been patched in SOPS version 3.7.1. In this version, when Windows users using cmd.exe encounter the issue, a warning message is displayed: 'vim resolves to executable in current directory (.\vim.exe)'. Users are strongly advised to upgrade to version 3.7.1 or later, especially if they are using SOPS within untrusted directories on Windows via cmd.exe or if they have '.' within their default PATH (GitHub Advisory).