Command injection

2017-02-2216:59:00

PRIOn knowledge base

www.prio-n.com

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters in the xmlPath argument.

CPENameOperatorVersion
libmacgpgle0.6

CPE	Name	Operator	Version
	libmacgpg	le	0.6

References

bierbaumer.net/security/cve-2014-4677/

gpgtools.org/releases/gpgsuite/2015.08/release-notes.html