virtualenv: potential command injection via virtual environment activation scripts

A flaw was found in the virtualenv Python package. Due to the improper handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection,leading to the loss of confidentiality,integrity and availability of the system...

GHSA-RQC4-2HC7-8C8V virtualenv allows command injection through activation scripts for a virtual environment

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...

PYSEC-2024-187

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...

PYSEC-2024-187

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...

CVE-2024-53899

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...

CVE-2024-53899

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287...

CVE-2024-53899

CVE-2024-53899 affects python-virtualenv: versions older than 20.26.6-1 are vulnerable to command injection via activation scripts due to unquoted/magic template strings during activation. The issue is remedied in newer packages (≥ 20.26.6-1); upgrade to the patched release to mitigate. Connected...