663 matches found

Vulnrichment
added 2024/10/22 4:34 p.m., 33 views

CVE-2024-9287 Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that...

5.3 CVSS, 7.2 AI score, 0.00647 EPSS
Exploits 0, References 9

Cvelist
added 2024/10/22 4:34 p.m., 26 views

CVE-2024-9287 Virtual environment (venv) activation scripts don't quote paths

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that...

5.3 CVSS, 0.00647 EPSS
Exploits 0, References 9

OSV
added 2024/10/22 4:34 p.m., 12 views

PSF-2024-12

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that...

7.8 CVSS, 6.5 AI score, 0.00647 EPSS
Exploits 0, References 9

CVE
added 2024/10/22 4:34 p.m., 2186 views

CVE-2024-9287

CVE-2024-9287 affects the CPython venv/CLI: unquoted path names when creating a virtual environment enable command injection into activation scripts (e.g., source venv/bin/activate). Affected environments can execute attacker-controlled commands upon activation; environments not created by an att...

7.8 CVSS, 6.6 AI score, 0.00647 EPSS
Exploits 0, References 12, Affected Software 1

Debian CVE
added 2024/10/22 4:34 p.m., 19 views

CVE-2024-9287

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that...

7.8 CVSS, 6.4 AI score, 0.00647 EPSS
Exploits 0

AlpineLinux
added 2024/10/22 4:34 p.m., 5 views

CVE-2024-9287

A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into virtual environment "activation" scripts (ie "source venv/bin/activate"). This means that...

7.8 CVSS, 7.3 AI score, 0.00647 EPSS
Exploits 0

Positive Technologies
added 2024/10/22 12:0 a.m., 6 views

PT-2024-39544

Name of the Vulnerable Software and Affected Versions: CPython versions prior to 3.13.0. Description: A vulnerability has been found in the CPython venv module and CLI where path names provided when creating a virtual environment were not quoted properly, allowing the creator to inject commands into...

9.4 CVSS, 7.7 AI score, 0.02203 EPSS
Exploits 15, References 181

Redos
added 2024/10/17 12:0 a.m., 303 views

ROS-20241017-08

Vulnerability in the 'http.cookies' standard library module of the Python programming language interpreter CPython is related to inefficient regular expression complexity. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

7.5 CVSS, 6.7 AI score, 0.02303 EPSS
Exploits 1

OpenVAS
added 2024/10/09 12:0 a.m., 12 views

Huawei EulerOS: Security Advisory for python-zipp (EulerOS-SA-2024-2567)

The remote host is missing an update for the Huawei EulerOS...

6.2 CVSS, 6.5 AI score, 0.00236 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/10/09 12:0 a.m., 25 views

EulerOS 2.0 SP11 : python-zipp (EulerOS-SA-2024-2593)

According to the versions of the python-zipp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggere...

6.2 CVSS, 6.8 AI score, 0.00236 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/10/09 12:0 a.m., 30 views

EulerOS 2.0 SP11 : python-zipp (EulerOS-SA-2024-2567)

According to the versions of the python-zipp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggere...

6.2 CVSS, 6.8 AI score, 0.00236 EPSS
Exploits 0, References 2

Tenable Nessus
added 2024/10/08 12:0 a.m., 97 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20230302.102001)

The version of AHV installed on the remote host is prior to 20230302.102005. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20230302.102001 advisory. - squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability...

9.8 CVSS, 7.1 AI score, 0.99995 EPSS
Exploits 26, References 30

Tenable Nessus
added 2024/10/07 12:0 a.m., 34 views

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-6.10)

The version of AOS installed on the remote host is prior to 6.10. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-6.10 advisory. - squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. ...

8.8 CVSS, 7.4 AI score, 0.99995 EPSS
Exploits 14, References 33

Tenable Nessus
added 2024/10/06 12:0 a.m., 13 views

CBL Mariner 2.0 Security Update: python3 (CVE-2024-4032)

The version of python3 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-4032 advisory. - The ipaddress module contained incorrect information about whether certain IPv4 and IPv6 addresses were...

7.5 CVSS, 6.7 AI score, 0.01042 EPSS
Exploits 0, References 2

RedhatCVE
added 2024/10/04 8:54 p.m., 20 views

CVE-2022-26488

A flaw was found in Python that may allow local users to gain privileges due to the search path being inadequately secured. The installer may allow a local attacker to add user-writable directories to the system search path. To exploit, an administrator must have installed Python for all users an...

7 CVSS, 6.9 AI score, 0.01365 EPSS
Exploits 0, References 5

OSV
added 2024/10/04 4:35 p.m., 126 views

BIT-PYTHON-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter

An issue was found in CPython 3.12.0 subprocess module on POSIX platforms. The issue was fixed in CPython 3.12.1 and does not affect other stable releases. When using the extra_groups= parameter with an empty list as a value (ie extra_groups=[]) the logic regressed to not call setgroups(0, NULL) before...

6.1 CVSS, 5.6 AI score, 0.01326 EPSS
Exploits 0, References 6

RedHat Linux
added 2024/10/01 2:34 a.m., 17 views

Moderate: Red Hat Security Advisory: python3.11 security update

An update for python3.11 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f...

7.5 CVSS, 6.8 AI score, 0.02203 EPSS
Exploits 2, References 3

OSV
added 2024/09/30 2:30 p.m., 14 views

RLSA-2024:6961 Moderate: python3.12 security update

Python 3.12 is an accessible, high-level, dynamically typed, interpreted programming language, designed with an emphasis on code readability. It includes an extensive standard library, and has a vast ecosystem of third-party libraries. The python3.12 package provides the "python3.12" executable:...

8.7 CVSS, 7.4 AI score, 0.01275 EPSS
Exploits 0, References 4

Rockylinux
added 2024/09/30 2:30 p.m., 19 views

python3 security update

An update is available for python3. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Python is an interpreted, interactive, object-oriented programming language,...

7.5 CVSS, 7.8 AI score, 0.02203 EPSS
Exploits 2

Tenable Nessus
added 2024/09/30 12:0 a.m., 33 views

Rocky Linux 8 : python3.12 (RLSA-2024:6961)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:6961 advisory. python: incorrect IPv4 and IPv6 private ranges (CVE-2024-4032); cpython: python: email module doesn't properly quotes newlines in email headers, allowing...

8.7 CVSS, 6.8 AI score, 0.01275 EPSS
Exploits 0, References 7