Описание
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
Ссылки
- Mailing ListThird Party Advisory
- ExploitIssue TrackingMailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitIssue TrackingMailing ListThird Party Advisory
- Mailing ListThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.1 (включая) до 2.10 (исключая)
cpe:2.3:a:signing-party_project:signing-party:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3
Одно из
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
EPSS
Процентиль: 65%
0.00498
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 7 лет назад
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
CVSS3: 9.8
debian
почти 7 лет назад
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an un ...
CVSS3: 9.8
github
больше 3 лет назад
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
EPSS
Процентиль: 65%
0.00498
Низкий
9.8 Critical
CVSS3
10 Critical
CVSS2
Дефекты
CWE-78