66 matches found
virtualenv: potential command injection via virtual environment activation scripts
A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...
CVE-2024-53899
...
CLSA-2024-1734543883 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
AlmaLinux 8 : python3.12 (ALSA-2024:10980)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10980 advisory. python: Virtual environment venv activation scripts don't quote paths (CVE-2024-9287); python: Unbounded memory buffering in...
RHEL 9 : python3.11 (RHSA-2024:11111)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11111 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
virtualenv: potential command injection via virtual environment activation scripts
A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...
virtualenv: potential command injection via virtual environment activation scripts
A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...
virtualenv: potential command injection via virtual environment activation scripts
A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...
virtualenv: potential command injection via virtual environment activation scripts
A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...
Moderate: python3.11 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Fedora 40 : python3.10 (2024-1a493abc67)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1a493abc67 advisory. Python 3.10.16 security release. Security content in this release: gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to...
BIT-PYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
RHEL 9 : python3.9:3.9.18 (RHSA-2024:11024)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:11024 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
virtualenv: potential command injection via virtual environment activation scripts
A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection, leading to the loss of confidentiality, integrity and availability of the system...
Important: python36:3.6 security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
AlmaLinux 8 : python3:3.6.8 (ALSA-2024:10779)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:10779 advisory. python: Virtual environment venv activation scripts don't quote paths (CVE-2024-9287); python: Improper validation of IPv6 and IPvFuture addresses...
Security update for python3-virtualenv
This update for python3-virtualenv fixes the following issues. Security issue fixed: CVE-2024-53899: Fixed a command injection through activation scripts (bsc1233706). Non-security issue fixed: Relax version requirements that cannot be provided (bsc1232072). Patch Instructions: To install this SUSE...