Search for vulnerabilities
Vulnerability details: VCID-1w6t-r8pu-aaas
Vulnerability ID VCID-1w6t-r8pu-aaas
Aliases CVE-2013-7323
GHSA-c2fx-8r76-gh36
PYSEC-2014-89
Summary python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
Status Published
Exploitability 0.5
Weighted Severity 8.8
Risk 4.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7323.html
epss 0.00757 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.00757 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.00757 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.00757 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01115 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.01162 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
epss 0.02891 https://api.first.org/data/v1/epss?cve=CVE-2013-7323
cvssv3.1 7.5 https://code.google.com/p/python-gnupg
cvssv3.1 9.8 https://code.google.com/p/python-gnupg
generic_textual HIGH https://code.google.com/p/python-gnupg
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7323
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1927
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1928
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1929
cvssv3.1 9.8 http://seclists.org/oss-sec/2014/q1/243
generic_textual HIGH http://seclists.org/oss-sec/2014/q1/243
cvssv3.1 9.8 http://seclists.org/oss-sec/2014/q1/244
generic_textual HIGH http://seclists.org/oss-sec/2014/q1/244
cvssv3.1 7.5 http://seclists.org/oss-sec/2014/q1/294
cvssv3.1 9.8 http://seclists.org/oss-sec/2014/q1/294
generic_textual HIGH http://seclists.org/oss-sec/2014/q1/294
generic_textual MODERATE http://secunia.com/advisories/56616
generic_textual MODERATE http://secunia.com/advisories/59031
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-c2fx-8r76-gh36
cvssv3.1 9.8 https://github.com/pypa/advisory-database/tree/main/vulns/python-gnupg/PYSEC-2014-89.yaml
generic_textual HIGH https://github.com/pypa/advisory-database/tree/main/vulns/python-gnupg/PYSEC-2014-89.yaml
cvssv3.1 9.8 https://github.com/vsajip/python-gnupg
generic_textual HIGH https://github.com/vsajip/python-gnupg
generic_textual MODERATE https://github.com/vsajip/python-gnupg
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2013-7323
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2013-7323
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2013-7323
cvssv3.1 9.8 http://www.debian.org/security/2014/dsa-2946
generic_textual HIGH http://www.debian.org/security/2014/dsa-2946
generic_textual MODERATE http://www.debian.org/security/2014/dsa-2946
generic_textual Medium http://www.openwall.com/lists/oss-security/2014/02/09/1
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-7323.html
https://api.first.org/data/v1/epss?cve=CVE-2013-7323
https://code.google.com/p/python-gnupg
https://code.google.com/p/python-gnupg/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7323
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1928
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1929
http://seclists.org/oss-sec/2014/q1/243
http://seclists.org/oss-sec/2014/q1/244
http://seclists.org/oss-sec/2014/q1/294
http://secunia.com/advisories/56616
http://secunia.com/advisories/59031
https://github.com/pypa/advisory-database/tree/main/vulns/python-gnupg/PYSEC-2014-89.yaml
https://github.com/vsajip/python-gnupg
http://www.debian.org/security/2014/dsa-2946
http://www.openwall.com/lists/oss-security/2014/02/09/1
738509 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738509
cpe:2.3:a:vinay_sajip:python-gnupg:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vinay_sajip:python-gnupg:*:*:*:*:*:*:*:*
cpe:2.3:a:vinay_sajip:python-gnupg:0.3.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vinay_sajip:python-gnupg:0.3.0:*:*:*:*:*:*:*
cpe:2.3:a:vinay_sajip:python-gnupg:0.3.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vinay_sajip:python-gnupg:0.3.1:*:*:*:*:*:*:*
cpe:2.3:a:vinay_sajip:python-gnupg:0.3.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vinay_sajip:python-gnupg:0.3.2:*:*:*:*:*:*:*
cpe:2.3:a:vinay_sajip:python-gnupg:0.3.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:vinay_sajip:python-gnupg:0.3.3:*:*:*:*:*:*:*
CVE-2013-7323 https://nvd.nist.gov/vuln/detail/CVE-2013-7323
GHSA-c2fx-8r76-gh36 https://github.com/advisories/GHSA-c2fx-8r76-gh36
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://code.google.com/p/python-gnupg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://code.google.com/p/python-gnupg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/oss-sec/2014/q1/243
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/oss-sec/2014/q1/244
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at http://seclists.org/oss-sec/2014/q1/294
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://seclists.org/oss-sec/2014/q1/294
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/pypa/advisory-database/tree/main/vulns/python-gnupg/PYSEC-2014-89.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/vsajip/python-gnupg
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2013-7323
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2013-7323
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://www.debian.org/security/2014/dsa-2946
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.80902
EPSS Score 0.00757
Published At Dec. 17, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.