CVE-2013-7323 — Improper Input Validation in Project Python-gnupg

CWE-20 — Improper Input Validation25 documents6 sources

Severity

7.5HIGHNVD

NVD4.6NVD4.4

EPSS

1.2%

top 21.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python-gnupg Project Python-gnupg Vinay Sajip Python-gnupg

Timeline

PublishedJun 9

Latest updateNov 6

Description

python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶PyPIpython-gnupg_project/python-gnupg0.3.5 — 0.3.6+2

▶Debianpython-gnupg_project/python-gnupg< 0.3.6-1+3

▶NVDvinay_sajip/python-gnupg0.3.4+4

▶NVDpython-gnupg_project/python-gnupg0.3.5+2

🔴Vulnerability Details

OSV

python-gnupg's shell_quote function does not properly quote strings↗2018-11-06

▶

GHSA

python-gnupg vulnerable to shell injection↗2018-11-06

▶

OSV

python-gnupg vulnerable to shell injection↗2018-11-06

▶

GHSA

python-gnupg's shell_quote function does not properly quote strings↗2018-11-06

▶

OSV

python-gnupg allows context-dependent attackers to execute arbitrary commands via shell metacharacters↗2018-11-06

▶

📋Vendor Advisories

Debian

CVE-2014-1927: python-gnupg - The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, ...↗2014

▶

Debian

CVE-2014-1928: python-gnupg - The shell_quote function in python-gnupg 0.3.5 does not properly escape characte...↗2014

▶

Debian

CVE-2014-1929: python-gnupg - python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspe...↗2014

▶

Debian

CVE-2013-7323: python-gnupg - python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrar...↗2013

▶

💬Community

Bugzilla

CVE-2013-7323 CVE-2014-1927 CVE-2014-1928 CVE-2014-1929 python-gnupg: incorrect fix against shell injection↗2014-02-05

▶