Security vulnerabilities in Home Assistant & custom integrations
-
I know that some folks in here are using Home Assistant, but they may not all be visiting the HA website regularly. So I thought I'd share this info here.
They have published two security disclosures recently, informing us about security vulnerabilities found in third party integrations (including HACS, commonly used to integrate Alexa and such), which allowed an attacker to access any file that is accessible by the Home Assistant process. Be sure to upgrade to Home Assistant Core 2021.1.5 or later and all custom integrations as soon as possible.
More details as well as (all?) affected custom integrations can be found in the Home Assistant blog.