cvedb.io
CVE-2019-6690
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-03-21T16:01:09.077 · Last modified 2026-06-17T02:39:31.213

Summary

python-gnupg 0.4.3 allows context-dependent attackers to trick gnupg to decrypt other ciphertext than intended. To perform the attack, the passphrase to gnupg must be controlled by the adversary and the ciphertext should be trusted. Related to a "CWE-20: Improper Input Validation" issue affecting the affect functionality component.

Affected products

python — python-gnupg

Does this affect you?

Add your gear to cvedb and we'll alert you only when python ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.