Vulnerability Details CVE-2019-11627
gpg-key2ps in signing-party 1.1.x and 2.x before 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 64.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00029.html
- https://bugs.debian.org/928256
- https://lists.debian.org/debian-lts-announce/2019/05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00029.html
- https://bugs.debian.org/928256
- https://lists.debian.org/debian-lts-announce/2019/05/msg00001.html
Products affected by CVE-2019-11627
-
cpe:2.3:a:signing-party_project:signing-party:1.1
-
cpe:2.3:a:signing-party_project:signing-party:1.1-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1-2
-
cpe:2.3:a:signing-party_project:signing-party:1.1.1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.1-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.10
-
cpe:2.3:a:signing-party_project:signing-party:1.1.10-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.11
-
cpe:2.3:a:signing-party_project:signing-party:1.1.11-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.12
-
cpe:2.3:a:signing-party_project:signing-party:1.1.12-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.2
-
cpe:2.3:a:signing-party_project:signing-party:1.1.2-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.3
-
cpe:2.3:a:signing-party_project:signing-party:1.1.3-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.4
-
cpe:2.3:a:signing-party_project:signing-party:1.1.4-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.5
-
cpe:2.3:a:signing-party_project:signing-party:1.1.5-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.6
-
cpe:2.3:a:signing-party_project:signing-party:1.1.6-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.7
-
cpe:2.3:a:signing-party_project:signing-party:1.1.7-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.8
-
cpe:2.3:a:signing-party_project:signing-party:1.1.8-1
-
cpe:2.3:a:signing-party_project:signing-party:1.1.9
-
cpe:2.3:a:signing-party_project:signing-party:1.1.9-1
-
cpe:2.3:a:signing-party_project:signing-party:2.0
-
cpe:2.3:a:signing-party_project:signing-party:2.0-1
-
cpe:2.3:a:signing-party_project:signing-party:2.1
-
cpe:2.3:a:signing-party_project:signing-party:2.1-1
-
cpe:2.3:a:signing-party_project:signing-party:2.2
-
cpe:2.3:a:signing-party_project:signing-party:2.2-1
-
cpe:2.3:a:signing-party_project:signing-party:2.3
-
cpe:2.3:a:signing-party_project:signing-party:2.3-1
-
cpe:2.3:a:signing-party_project:signing-party:2.4-1
-
cpe:2.3:a:signing-party_project:signing-party:2.5
-
cpe:2.3:a:signing-party_project:signing-party:2.5-1
-
cpe:2.3:a:signing-party_project:signing-party:2.6
-
cpe:2.3:a:signing-party_project:signing-party:2.6-1
-
cpe:2.3:a:signing-party_project:signing-party:2.7
-
cpe:2.3:a:signing-party_project:signing-party:2.7-1
-
cpe:2.3:a:signing-party_project:signing-party:2.7-2
-
cpe:2.3:a:signing-party_project:signing-party:2.8
-
cpe:2.3:a:signing-party_project:signing-party:2.8-1
-
cpe:2.3:a:signing-party_project:signing-party:2.9
-
cpe:2.3:a:signing-party_project:signing-party:2.9-1
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:opensuse:leap:15.0
-
cpe:2.3:o:opensuse:leap:42.3