{"id":"PYSEC-2014-92","details":"python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to \"option injection through positional arguments.\" NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.","aliases":["CVE-2014-1929","GHSA-vcr5-xr9h-mvc5"],"modified":"2023-11-08T03:57:35.733Z","published":"2014-10-25T21:55:00Z","references":[{"type":"WEB","url":"http://seclists.org/oss-sec/2014/q1/245"},{"type":"ADVISORY","url":"http://secunia.com/advisories/59031"},{"type":"ADVISORY","url":"http://www.debian.org/security/2014/dsa-2946"},{"type":"WEB","url":"http://seclists.org/oss-sec/2014/q1/335"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-vcr5-xr9h-mvc5"}],"affected":[{"package":{"name":"python-gnupg","ecosystem":"PyPI","purl":"pkg:pypi/python-gnupg"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0.3.5"},{"fixed":"0.3.7"}]}],"versions":["0.3.5","0.3.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/python-gnupg/PYSEC-2014-92.yaml"}}],"schema_version":"1.7.3"}