66 matches found
CLSA-2026-1771855894 python-virtualenv: Fix of CVE-2024-53899
CVE-2024-53899: Quote template strings in activation scripts...
CLSA-2026-1771855453 python-virtualenv: Fix of CVE-2024-53899
CVE-2024-53899: Quote template strings in activation scripts...
MiracleLinux 8 : python36:3.6 (AXSA:2024-9397:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9397:01 advisory. virtualenv: potential command injection via virtual environment activation scripts CVE-2024-53899 Tenable has extracted the preceding description block...
MiracleLinux 9 : python3.9-3.9.21-1.el9_5 (AXSA:2024-9439:09)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-9439:09 advisory. python: Virtual environment venv activation scripts don't quote paths CVE-2024-9287 python: Improper validation of IPv6 and IPvFuture addresses...
python: Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the Python venv module and CLI. Path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, for example, "source venv/bin/activate". This flaw allows...
EUVD-2024-0172
Malicious code in bioql PyPI...
BIT-LIBPYTHON-2024-9287 Virtual environment (venv) activation scripts don't quote paths
A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts, i.e. "source venv/bin/activate". This means that...
CLSA-2025-1748638245 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
Medium: python3.9
Issue Overview: The urllib.parse.urlsplit and urlparse functions improperly validated bracketed hosts, allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser. CVE-2024-11168 A...
Azure Linux 3.0 Security Update: python-virtualenv (CVE-2024-53899)
The version of python-virtualenv installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53899 advisory. - virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual...
Virtual environment (venv) activation scripts don't quote paths
...
OESA-2025-1241 python-virtualenv security update
Virtualenv is a tool to create isolated Python environments. Since Python 3.3, a subset of it has been integrated into the standard library under the venv module. Note though, that the venv module does not offer all features of this library e.g. cannot create bootstrap scripts, cannot create...
CLSA-2025-1740133056 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
CLSA-2025-1740132042 python3: Fix of CVE-2024-9287
CVE-2024-9287: fix path names quoting to prevent command injection in virtual environment activation scripts...
EulerOS 2.0 SP12 : python3 (EulerOS-SA-2025-1179)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted...
EulerOS 2.0 SP11 : python3 (EulerOS-SA-2025-1143)
According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted...
Important: python-virtualenv
Issue Overview: virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. CVE-2024-53899 Affected Packages: python-virtualenv Issue...
CLSA-2025-1736856534 python3.11: Fix of CVE-2024-9287
CVE-2024-9287: Quote path names when creating virtual environments to prevent command injection in activation scripts...
CLSA-2025-1736503464 python3.9: Fix of CVE-2024-9287
CVE-2024-9287: Fix improperly quoting path names in virtual environment creation to prevent command injection in activation scripts...
python-virtualenv security update
15.1.0-7.0.1 - Fixes CVE-2024-53899 Quote template strings in activation scripts Orabug: 37396464...