Workflow

PyPi: Python-Gnupg

CVE-2013-7323

Safety vulnerability ID: 35493

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jun 09, 2014 Updated at Sep 21, 2024
Scan your Python projects for vulnerabilities →

Advisory

Python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

Affected package

python-gnupg

Latest version: 0.5.3

A wrapper for the Gnu Privacy Guard (GPG or GnuPG)

Affected versions

Fixed versions

Vulnerability changelog

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.


MLIST:[oss-security] 20140204 CVE request: python-gnupg before 0.3.5 shell injection: http://seclists.org/oss-sec/2014/q1/243
MLIST:[oss-security] 20140204 Re: CVE request: python-gnupg before 0.3.5 shell injection: http://seclists.org/oss-sec/2014/q1/244
MLIST:[oss-security] 20140209 Re: CVE request: python-gnupg before 0.3.5 shell injection: http://seclists.org/oss-sec/2014/q1/294
CONFIRM:https://code.google.com/p/python-gnupg/: https://code.google.com/p/python-gnupg/
DEBIAN:DSA-2946: http://www.debian.org/security/2014/dsa-2946
SECUNIA:56616: http://secunia.com/advisories/56616
SECUNIA:59031: http://secunia.com/advisories/59031

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v2 Details

HIGH 7.5
Access Vector (AV)
NETWORK
Access Complexity (AC)
LOW
Authentication (Au)
NONE
Confidentiality Impact (C)
PARTIAL
Integrity Impact (I)
PARTIAL
Availability Impact (A)
PARTIAL