Python-Gnupg Project Python-Gnupg vulnerabilities
6 known vulnerabilities affecting python-gnupg_project/python-gnupg.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-12020HIGHCVSS 7.5≥ 0, < 0.3.6-1ubuntu0.1~esm1≥ 0, < 0.3.8-2ubuntu0.1~esm12021-03-15
CVE-2018-12020 [HIGH] python-gnupg vulnerabilities
python-gnupg vulnerabilities
Marcus Brinkmann discovered that python-gnupg improperly handled certain
command line parameters. A remote attacker could use this to spoof the
output of python-gnupg and cause unsigned e-mail to appear signed.
(CVE-2018-12020)
It was discovered that python-gnupg incorrectly handled the GPG passphrase.
A remote attacker could send a specially crafted passphrase that would
allow them to control the output of encrypt
osv
CVE-2019-6690HIGHCVSS 7.5≥ 0, < 0.4.42019-03-25
CVE-2019-6690 [HIGH] CWE-20 Improper Input Validation python-gnupg
Improper Input Validation python-gnupg
python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.
ghsaosv
CVE-2013-7323HIGHCVSS 7.5≥ 0, < 0.3.72018-11-06
CVE-2013-7323 [HIGH] python-gnupg allows context-dependent attackers to execute arbitrary commands via shell metacharacters
python-gnupg allows context-dependent attackers to execute arbitrary commands via shell metacharacters
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
ghsaosv
CVE-2014-1927HIGHCVSS 7.5v0.3.52014-10-25
CVE-2014-1927 [HIGH] CVE-2014-1927: The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928. NOTE: this vulnerability exists because of an incomplete fix f
ghsanvdosv
CVE-2014-1929MEDIUMCVSS 4.4v0.3.5v0.3.62014-10-25
CVE-2014-1929 [MEDIUM] CVE-2014-1929: python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via ve
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.
ghsanvdosv
CVE-2014-1928MEDIUMCVSS 4.6≤ 0.3.52014-10-25
CVE-2014-1928 [MEDIUM] CVE-2014-1928: The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows con
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulnerability than CVE-2014-1927. NOTE: this vulnerability exists b
ghsanvdosv