PyPI package
python-gnupg
pkg:pypi/python-gnupg
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-6690 | — | < 0.4.4 | 0.4.4 | Mar 17, 2019 | python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation | ||
| CVE-2014-1929 | — | >= 0.3.5, < 0.3.7 | 0.3.7 | Oct 25, 2014 | python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. | ||
| CVE-2014-1928 | — | >= 0.3.5, < 0.3.6 | 0.3.6 | Oct 25, 2014 | The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences | ||
| CVE-2014-1927 | — | >= 0.3.5, < 0.3.6 | 0.3.6 | Oct 25, 2014 | The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability | ||
| CVE-2013-7323 | — | < 0.3.7 | 0.3.7 | Jun 9, 2014 | python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. |
- CVE-2019-6690Mar 17, 2019affected < 0.4.4fixed 0.4.4
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation
- CVE-2014-1929Oct 25, 2014affected >= 0.3.5, < 0.3.7fixed 0.3.7
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.
- CVE-2014-1928Oct 25, 2014affected >= 0.3.5, < 0.3.6fixed 0.3.6
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences
- CVE-2014-1927Oct 25, 2014affected >= 0.3.5, < 0.3.6fixed 0.3.6
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability
- CVE-2013-7323Jun 9, 2014affected < 0.3.7fixed 0.3.7
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.