CVE-2014-1929

Name of the Vulnerable Software and Affected Versions python-gnupg versions 0.3.5 through 0.3.6

Description The issue allows context-dependent attackers to have an unspecified impact via vectors related to option injection through positional arguments. It is also related to shell injection due to a failure to escape backslashes in the shell quote() function. This vulnerability exists because of an incomplete fix for a previous issue.

Recommendations For python-gnupg versions 0.3.5 and 0.3.6, consider disabling the use of positional arguments and the shell quote() function until a patch is available. Restrict access to sensitive areas where shell injection could be exploited to minimize the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.