Описание
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| php-crypt-gpg | fixed | 1.6.7-1 | package | |
| php-crypt-gpg | fixed | 1.6.4-2+deb11u1 | bullseye | package |
Примечания
https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04 (v1.6.7)
Связанные уязвимости
CVSS3: 5.3
ubuntu
почти 4 года назад
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
CVSS3: 5.3
nvd
почти 4 года назад
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
CVSS3: 5.3
github
почти 4 года назад
Crypt_GPG does not prevent additional options in GPG calls