An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS01OXg0LTY3bWgtcHg1NM0s4Q

Moderate | EPSS: 0.0037% (0.57951 Percentile)

Crypt_GPG does not prevent additional options in GPG calls

Affected package: packagist:pear/crypt_gpg
Affected versions: < 1.6.7
Fixed versions: 1.6.7
7 Dependent packages
77 Dependent repositories
3,823,251 Downloads total

Affected Version Ranges

All affected versions

1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.6.0, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.6.5, 1.6.6

All unaffected versions

1.6.7, 1.6.8, 1.6.9, 1.6.10, 1.6.11

The Crypt_GPG extension before 1.6.7 for PHP does not prevent additional options in GPG calls, which presents a risk for certain environments and GPG versions.
