BIT-virtualenv-2026-22702
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/virtualenv/BIT-virtualenv-2026-22702.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/BIT-virtualenv-2026-22702
- Aliases
-
- CVE-2026-22702
- GHSA-597g-3phw-6986
- Published
- 2026-01-13T08:53:06.703Z
- Modified
- 2026-01-13T09:26:18.299508Z
- Summary
- virtualenv Has TOCTOU Vulnerabilities in Directory Creation
- Details
-
virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.
- Database specific
{ "severity": "Medium", "cpes": [ "cpe:2.3:a:virtualenv:virtualenv:*:*:*:*:*:python:*:*" ] }- References
Affected packages
Bitnami / virtualenv
Package
- Name
- virtualenv
- Purl
- pkg:bitnami/virtualenv
Severity
- 4.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator