Moderate severityNVD Advisory· Published Feb 17, 2022· Updated Aug 3, 2024
CVE-2022-24953
CVE-2022-24953
Description
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pear/crypt_gpgPackagist | < 1.6.7 | 1.6.7 |
Affected products
2- PHP/Crypt_GPG extensiondescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
4- github.com/advisories/GHSA-59x4-67mh-px54ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-24953ghsaADVISORY
- github.com/pear/Crypt_GPG/commit/29c0fbe96d0d4063ecd5c9a4644cb65a7fb7cc4eghsax_refsource_CONFIRMWEB
- github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.