Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:13276
HistoryJan 28, 2019 - 6:52 a.m.

Improper Input Validation

2019-01-2806:52:12
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

0.013 Low

EPSS

Percentile

86.0%

python-gnupg is susceptible to improper input validation. The passphrase property of the gnupg.GPG.encrypt() and gnupg.GPG.decrypt() methods are not properly validated, allowing the attacker to get control of the passphrase being encrypted or decrypted by supplying a newline as input to it when symmetric encryption is used.

CPENameOperatorVersion
python-gnupgle0.4.3
python-gnupgle0.4.3

References