Lucene search

GitHub Advisory DatabaseGHSA-VCR5-XR9H-MVC5

HistoryNov 06, 2018 - 11:12 p.m.

python-gnupg vulnerable to shell injection

2018-11-0623:12:48

CWE-20

GitHub Advisory Database

github.com

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.6%

JSON

python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the shell_quote() function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Affected configurations

Vulners

Node

python-gnupg_projectpython-gnupgRange0.3.5–0.3.6

VendorProductVersionCPE
python-gnupg_projectpython-gnupg*cpe:2.3:a:python-gnupg_project:python-gnupg:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
python-gnupg_project	python-gnupg	*	cpe:2.3:a:python-gnupg_project:python-gnupg::::::::

References

seclists.org/oss-sec/2014/q1/245

seclists.org/oss-sec/2014/q1/335

www.debian.org/security/2014/dsa-2946

alioth-lists.debian.net/pipermail/debian-security-tracker-commits/2014-June/028512.html

code.google.com/archive/p/python-gnupg/issues/98

github.com/advisories/GHSA-vcr5-xr9h-mvc5

nvd.nist.gov/vuln/detail/CVE-2014-1929

web.archive.org/web/20200228170437/www.securityfocus.com/bid/65539

www.openwall.com/lists/oss-security/2014/02/04/3

www.openwall.com/lists/oss-security/2014/02/04/4

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.011

Percentile

84.6%

JSON

Related for GHSA-VCR5-XR9H-MVC5