Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/python-gnupg@0.4.4
Typepypi
Namespace
Namepython-gnupg
Version0.4.4
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-8tpq-e3eq-nkg2
vulnerability_id VCID-8tpq-e3eq-nkg2
summary python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00008.html
1
reference_url http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00058.html
2
reference_url http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
reference_id
reference_type
scores
url http://packetstormsecurity.com/files/151341/Python-GnuPG-0.4.3-Improper-Input-Validation.html
3
reference_url https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
reference_id
reference_type
scores
url https://blog.hackeriet.no/cve-2019-6690-python-gnupg-vulnerability/
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6690
5
reference_url https://cwe.mitre.org/data/definitions/20.html
reference_id
reference_type
scores
url https://cwe.mitre.org/data/definitions/20.html
6
reference_url https://github.com/advisories/GHSA-2fch-jvg5-crf6
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-2fch-jvg5-crf6
7
reference_url https://github.com/advisories/GHSA-qh62-ch95-63wh
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-qh62-ch95-63wh
8
reference_url https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2019/02/msg00021.html
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WMV6XNPPL3VB3RQRFFOBCJ3AGWC4K47/
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6KYZMN2PWXY4ENZVJUVTGFBVYEVY7II/
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X4VFRUG56542LTYK4444TPJBGR57MT25/
12
reference_url https://pypi.org/project/python-gnupg/#history
reference_id
reference_type
scores
url https://pypi.org/project/python-gnupg/#history
13
reference_url https://seclists.org/bugtraq/2019/Jan/41
reference_id
reference_type
scores
url https://seclists.org/bugtraq/2019/Jan/41
14
reference_url https://usn.ubuntu.com/3964-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3964-1/
15
reference_url http://www.securityfocus.com/bid/106756
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/106756
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-6690
reference_id CVE-2019-6690
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-6690
fixed_packages
0
url pkg:pypi/python-gnupg@0.4.4
purl pkg:pypi/python-gnupg@0.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/python-gnupg@0.4.4
aliases CVE-2019-6690, GHSA-2fch-jvg5-crf6, GHSA-qh62-ch95-63wh, PYSEC-2019-115
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8tpq-e3eq-nkg2
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/python-gnupg@0.4.4