AZL-77910

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77910.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-77910

Upstream

CVE-2026-1703

Published

2026-02-02T15:16:30Z

Modified

2026-04-01T05:04:18.896319Z

Summary

CVE-2026-1703 affecting package python-virtualenv 20.36.1-1

Details

When pip is installing and extracting a maliciously crafted wheel archive, files may be extracted outside the installation directory. The path traversal is limited to prefixes of the installation directory, thus isn't able to inject or overwrite executable files in typical situations.

References

https://nvd.nist.gov/vuln/detail/CVE-2026-1703

Affected packages

Azure Linux:3 / python-virtualenv

Package

Name: python-virtualenv
Purl: pkg:rpm/azure-linux/python-virtualenv

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

20.36.1-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-77910.json"