21 matches found
MiracleLinux 7 : python3-3.6.8-21.0.3.el7.AXS7 (AXSA:2025-9726:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9726:01 advisory. - CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts CVEs: CVE-2024-9287 A vulnerability has been...
EUVD-2024-50376
Malicious code in bioql PyPI...
Astra Linux – Vulnerability in Python 3.11
A vulnerability has been identified in the CPython venv module and CLI. This vulnerability arises from improper quoting of path names when creating a virtual environment. As a result, attackers can inject commands into the virtual environment “activation” scripts e.g., using “source...
Medium: python3
Issue Overview: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means...
CLSA-2025-1742466441 Fix CVE(s): CVE-2024-9287
SECURITY UPDATE: Incorrect path quoting in venv allows command injection - debian/patches/CVE-2024-9287.patch: Quote template strings in venv activation - CVE-2024-9287...
The vulnerability of Python virtualenv’s activation script scenario allows a hacker to execute arbitrary commands.
The vulnerability of Python virtualenv activation scripts is related to the failure to take measures to neutralize special elements used in the operating system’s command line. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
OESA-2024-2484 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2024-2483 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2024-2482 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
OESA-2024-2481 python3 security update
Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...
AZL-50926 CVE-2024-9287 affecting package python3 for versions less than 3.12.9-1
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
DEBIAN-CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
UBUNTU-CVE-2024-9287
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts ie "source venv/bin/activate". This means that...
Python 代码问题漏洞
Python is an open source, object-oriented programming language from the Python Foundation. The language is extensible, supports modules and packages, and supports multiple platforms. A security vulnerability exists in Python that stems from a vulnerability found in the venv module and CLI, where...
PT-2024-39544
Name of the Vulnerable Software and Affected Versions CPython versions prior to 3.13.0 Description A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into...