PYSEC-2024-187

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/virtualenv/PYSEC-2024-187.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2024-187

Aliases

Published

2024-11-24T16:15:06Z

Modified

2025-01-19T04:57:34.860502Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

References

Affected packages

PyPI / virtualenv

Package

Name: virtualenv; View open source insights on deps.dev
Purl: pkg:pypi/virtualenv

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20.26.6

Affected versions

0.*

0.8

0.8.1

0.8.2

0.8.3

0.8.4

0.9

0.9.1

0.9.2

1.*

1.0

1.1

1.2

1.3

1.3.1

1.3.2

1.3.3

1.3.4

1.4rc1

1.4

1.4.1

1.4.2

1.4.3

1.4.4

1.4.5

1.4.6

1.4.7

1.4.8

1.4.9

1.5

1.5.1

1.5.2

1.6

1.6.1

1.6.2

1.6.3

1.6.4

1.7

1.7.1

1.7.1.1

1.7.1.2

1.7.2

1.8

1.8.1

1.8.2

1.8.3

1.8.4

1.9

1.9.1

1.10

1.10.1

1.11

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

12.*

12.0

12.0.1

12.0.2

12.0.4

12.0.5

12.0.6

12.0.7

12.1.0

12.1.1

13.*

13.0.0

13.0.1

13.0.2

13.0.3

13.1.0

13.1.1

13.1.2

14.*

14.0.0

14.0.1

14.0.2

14.0.3

14.0.4

14.0.5

14.0.6

15.*

15.0.0

15.0.1

15.0.2

15.0.3

15.1.0

15.2.0

16.*

16.0.0

16.1.0

16.2.0

16.3.0

16.3.1.dev0

16.4.0

16.4.1

16.4.3

16.4.4.dev0

16.5.0

16.6.0

16.6.1

16.6.2

16.7.0

16.7.1

16.7.2

16.7.3

16.7.4

16.7.5

16.7.6

16.7.7

16.7.8

16.7.9

16.7.10

16.7.11

16.7.12

20.*

20.0.0b1

20.0.0b2

20.0.0

20.0.1

20.0.2

20.0.3

20.0.4

20.0.5

20.0.6

20.0.7

20.0.8

20.0.9

20.0.10

20.0.11

20.0.12

20.0.13

20.0.14

20.0.15

20.0.16

20.0.17

20.0.18

20.0.19

20.0.20

20.0.21

20.0.22

20.0.23

20.0.24

20.0.25

20.0.26

20.0.27

20.0.28

20.0.29

20.0.30

20.0.31

20.0.32

20.0.33

20.0.34

20.0.35

20.1.0

20.2.0

20.2.1

20.2.2

20.3.0

20.3.1

20.4.0

20.4.1

20.4.2

20.4.3

20.4.4

20.4.5

20.4.6

20.4.7

20.5.0

20.6.0

20.7.0

20.7.1

20.7.2

20.8.0

20.8.1

20.9.0

20.10.0

20.11.0

20.11.1

20.11.2

20.12.0

20.12.1

20.13.0

20.13.1

20.13.2

20.13.3

20.13.4

20.14.0

20.14.1

20.15.0

20.15.1

20.16.0

20.16.1

20.16.2

20.16.3

20.16.4

20.16.5

20.16.6

20.16.7

20.17.0

20.17.1

20.18.0

20.19.0

20.20.0

20.21.0

20.21.1

20.22.0

20.23.0

20.23.1

20.24.0

20.24.1

20.24.2

20.24.3

20.24.4

20.24.5

20.24.6

20.24.7

20.25.0

20.25.1

20.25.2

20.25.3

20.26.0

20.26.1

20.26.2

20.26.3

20.26.4

20.26.5