Search for packages
| purl | pkg:pypi/python-gnupg@0.3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1w6t-r8pu-aaas
Aliases: CVE-2013-7323 GHSA-c2fx-8r76-gh36 PYSEC-2014-89 |
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. |
Affected by 5 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-f7z6-jm9f-aaap
Aliases: CVE-2019-6690 GHSA-2fch-jvg5-crf6 GHSA-qh62-ch95-63wh PYSEC-2019-115 PYSEC-2019-45 |
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component. |
Affected by 0 other vulnerabilities. |
|
VCID-hx2x-2bd6-aaag
Aliases: CVE-2014-1929 GHSA-vcr5-xr9h-mvc5 PYSEC-2014-92 |
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. |
Affected by 3 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-rv7m-a4aw-aaas
Aliases: CVE-2014-1928 GHSA-2jc8-4r6g-282j PYSEC-2014-91 |
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323. |
Affected by 3 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||