CVE-2014-1929 — Improper Input Validation in Project Python-gnupg

CWE-20 — Improper Input Validation7 documents6 sources

Severity

4.4MEDIUMNVD

CNA7.5GHSA7.5OSV7.5

EPSS

0.1%

top 80.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python-gnupg Project Python-gnupg

Timeline

PublishedOct 25

Latest updateNov 6

Description

python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

CVSS vector

AV:L/AC:M/C:P/I:P/A:PExploitability: 3.4 | Impact: 6.4

Affected Packages3 packages

▶PyPIpython-gnupg_project/python-gnupg0.3.5 — 0.3.7

▶Debianpython-gnupg_project/python-gnupg< 0.3.6-1+3

▶NVDpython-gnupg_project/python-gnupg0.3.5, 0.3.6+1

🔴Vulnerability Details

GHSA

python-gnupg vulnerable to shell injection↗2018-11-06

▶

OSV

python-gnupg vulnerable to shell injection↗2018-11-06

▶

OSV

CVE-2014-1929: python-gnupg 0↗2014-10-25

▶

CVEList

CVE-2014-1929: python-gnupg 0↗2014-10-25

▶

📋Vendor Advisories

Debian

CVE-2014-1929: python-gnupg - python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspe...↗2014

▶

💬Community

Bugzilla

CVE-2013-7323 CVE-2014-1927 CVE-2014-1928 CVE-2014-1929 python-gnupg: incorrect fix against shell injection↗2014-02-05

▶