python-gnupg vulnerable to shell injection
Moderate severity
GitHub Reviewed
Published
Nov 6, 2018
to the GitHub Advisory Database
•
Updated Sep 1, 2023
Description
Published to the GitHub Advisory Database
Nov 6, 2018
Reviewed
Jun 16, 2020
Last updated
Sep 1, 2023
python-gnupg 0.3.5 and 0.3.6 allow for shell injection via a failure to escape backslashes in the
shell_quote()
function. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.References