Description
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
python-virtualenv | fixed | 20.26.6+ds-1 | | package |
python-virtualenv | no-dsa | | bookworm | package |
python-virtualenv | postponed | | bullseye | package |
Notes
https://github.com/pypa/virtualenv/issues/2768
https://github.com/pypa/virtualenv/pull/2771
Fixed by: https://github.com/pypa/virtualenv/commit/86dddeda7c991f8529e1995bbff280fb7b761972 (20.26.6)