66 matches found
SUSE-SU-2024:4143-1 Security update for python3-virtualenv
This update for python3-virtualenv fixes the following issues: Security issue fixed: - CVE-2024-53899: Fixed a command injection through activation scripts bsc1233706 Non-security issue fixed: - Relax version requirements that cannot be provided bsc1232072...
Security update for python-virtualenv
This update for python-virtualenv fixes the following issues: CVE-2024-53899: Fixed a command injection through activation scripts bsc1233706 Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you c...
GHSA-RQC4-2HC7-8C8V virtualenv allows command injection through activation scripts for a virtual environment
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
virtualenv allows command injection through activation scripts for a virtual environment
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
DEBIAN-CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
AZL-53417 CVE-2024-53899 affecting package python-virtualenv for versions less than 20.25.0-3
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
PYSEC-2024-187
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
PYSEC-2024-187
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
AZL-53645 CVE-2024-53899 affecting package python-virtualenv for versions less than 20.26.6-1
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
UBUNTU-CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...
CVE-2024-53899
CVE-2024-53899 affects python-virtualenv: versions older than 20.26.6-1 are vulnerable to command injection via activation scripts due to unquoted/magic template strings during activation. The issue is remedied in newer packages (≥ 20.26.6-1); upgrade to the patched release to mitigate. Connected...
SUSE CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
Python Command Injection Vulnerability (Oct 2024) - Mac OS X
Python is prone to a command injection vulnerability in the venv module. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
AZL-50757 CVE-2024-9287 affecting package python3 for versions less than 3.9.19-11
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...