Описание
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 20.27.0+ds-1 |
| esm-apps/bionic | not-affected | code not present |
| esm-apps/focal | released | 20.0.17-1ubuntu0.4+esm1 |
| esm-apps/jammy | released | 20.13.0+ds-2ubuntu0.1~esm1 |
| esm-apps/noble | released | 20.25.0+ds-2ubuntu0.1~esm1 |
| esm-apps/xenial | not-affected | code not present |
| esm-infra-legacy/trusty | needs-triage | |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| noble | needed |
Показывать по
Ссылки на источники
EPSS
7.8 High
CVSS3
Связанные уязвимости
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
virtualenv before 20.26.6 allows command injection through the activat ...
EPSS
7.8 High
CVSS3