gpg-key2ps in signing-party 1.1.x and 2.x prior to 2.10-1 contains an unsafe shell call enabling shell injection via a User ID.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
signing-party project signing-party |
||
debian debian linux 8.0 |
||
opensuse leap 15.0 |
||
opensuse leap 42.3 |