Critical severity9.8NVD Advisory· Published Apr 30, 2019· Updated Jun 17, 2026
CVE-2019-11627
CVE-2019-11627
Description
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
Affected products
2- osv-coords2 versionspkg:rpm/opensuse/signing-party&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/signing-party&distro=openSUSE%20Tumbleweed
< 2.7-lp150.5.1+ 1 more
- (no CPE)range: < 2.7-lp150.5.1
- (no CPE)range: < 2.11-1.3
Patches
Vulnerability mechanics
References
3- bugs.debian.org/928256nvdExploitIssue TrackingMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2019-05/msg00029.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2019/05/msg00001.htmlnvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.