Vulnerability Details CVE-2022-24953
The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.0%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
- https://github.com/pear/Crypt_GPG/commit/29c0fbe96d0d4063ecd5c9a4644cb65a7fb7cc4e
- https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04
- https://github.com/pear/Crypt_GPG/commit/29c0fbe96d0d4063ecd5c9a4644cb65a7fb7cc4e
- https://github.com/pear/Crypt_GPG/commit/74c8f989cefbe0887274b461dc56197e121bfd04
Products affected by CVE-2022-24953
-
cpe:2.3:a:pear:crypt_gpg:1.4.0
-
cpe:2.3:a:pear:crypt_gpg:1.4.1
-
cpe:2.3:a:pear:crypt_gpg:1.4.2
-
cpe:2.3:a:pear:crypt_gpg:1.4.3
-
cpe:2.3:a:pear:crypt_gpg:1.6.0
-
cpe:2.3:a:pear:crypt_gpg:1.6.1
-
cpe:2.3:a:pear:crypt_gpg:1.6.2
-
cpe:2.3:a:pear:crypt_gpg:1.6.3
-
cpe:2.3:a:pear:crypt_gpg:1.6.4
-
cpe:2.3:a:pear:crypt_gpg:1.6.5
-
cpe:2.3:a:pear:crypt_gpg:1.6.6