CVE-2020-11073

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11073
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11073.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11073
Related
  • GHSA-h8wm-cqq6-957q
Published
2020-05-13T19:15:11Z
Modified
2025-01-08T10:26:40.007006Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0

References

Affected packages

Git / github.com/michaelaquilina/zsh-autoswitch-virtualenv

Affected ranges

Type
GIT
Repo
https://github.com/michaelaquilina/zsh-autoswitch-virtualenv
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

0.*

0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.1.6
0.2.0
0.2.1
0.3.0
0.3.1
0.3.2
0.3.3
0.3.4
0.3.5
0.3.6
0.4.0
0.5.0
0.5.1
0.6.0
0.7.0

1.*

1.0.0
1.1.0
1.1.1
1.10.0
1.10.1
1.11.0
1.11.1
1.12.0
1.13.0
1.14.0
1.15.0
1.15.1
1.15.2
1.16.0
1.2.1
1.3.1
1.4.1
1.5.0
1.6.0
1.7.0
1.8.0
1.8.1
1.8.2
1.9.0