294 matches found

CVE
added 2021/11/30 9:30 a.m. | 41 views

CVE-2021-3769

The CVE-2021-3769 entry concerns ohmyzsh themes pygmalion, pygmalion-virtualenv, and refined, which print user-supplied strings with print -P to the terminal. The branch name can be crafted to trigger code execution, per the description. The issue was fixed in commit b3ba9978 (ohmyzsh/ohmyzsh). A...

10 CVSS | 8.7 AI score | 0.00329 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2021/11/30 9:30 a.m. | 12 views

CVE-2021-3769 OS Command Injection in ohmyzsh/ohmyzsh

Vulnerability in pygmalion, pygmalion-virtualenv and refined themes Description: these themes use print -P on user-supplied strings to print them to the terminal. All of them do that on git information, particularly the branch name, so if the branch has a specially-crafted name the vulnerability...

7.5 CVSS | 9.6 AI score | 0.00329 EPSS
Exploits: 0 | References: 1
CNNVD
added 2021/11/30 12:00 a.m. | 1 view

ohmyzsh Operating System Command Injection Vulnerability

ohmyzsh is an open source, community-driven framework for managing your zsh configuration. ohmyzsh suffers from an operating system command injection vulnerability that can be exploited by an attacker to trigger command injection via the pygmalion, pygmalion-virtualenv and refined themes...

10 CVSS | 8.4 AI score | 0.00329 EPSS
Exploits: 0 | References: 2
Tenable Nessus
added 2020/12/09 12:00 a.m. | 31 views

NewStart CGSL CORE 5.05 / MAIN 5.05 : python-virtualenv Multiple Vulnerabilities (NS-SA-2020-0118)

The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has python-virtualenv packages installed that are affected by multiple vulnerabilities: - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-112...

9.8 CVSS | 7 AI score | 0.00656 EPSS
Exploits: 3 | References: 4
Kitploit
added 2020/11/22 11:30 a.m. | 62 views

SIRAS - Security Incident Response Automated Simulations

Security Incident Response Automated Simulations (SIRAS) are internal/controlled actions that provide a structured opportunity to practice the incident response plan and procedures during realistic scenarios. The main idea of SIRAS is to create detection-as-a-code testing scenarios to facilitate...

7.3 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2020/09/07 12:00 a.m. | 35 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : python-virtualenv Multiple Vulnerabilities (NS-SA-2020-0044)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has python-virtualenv packages installed that are affected by multiple vulnerabilities: - In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. CVE-2019-112...

9.8 CVSS | 7 AI score | 0.00656 EPSS
Exploits: 3 | References: 4
Kitploit
added 2020/09/06 8:30 p.m. | 55 views

Autovpn - Create On Demand Disposable OpenVPN Endpoints On AWS

Script that allows the easy creation of OpenVPN endpoints in any AWS region. Creating a VPN endpoint is done with a single command and takes 3 minutes. It will create the proper security groups. It spins up a tagged EC2 instance and configures the OpenVPN software. Once the instance is configured, an OpenVPN...

7.4 AI score
Exploits: 0 | References: 1
Tenable Nessus
added 2020/06/02 12:00 a.m. | 38 views

Scientific Linux Security Update : python-virtualenv on SL7.x (noarch) (20200512)

Security Fixes : - python-urllib3: Cross-host redirect does not remove Authorization header allow for credential exposure CVE-2018-20060 - python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service CVE-2019-11236 - python-requests: Redire...

9.8 CVSS | 7 AI score | 0.00656 EPSS
Exploits: 3 | References: 4
Oracle linux
added 2020/05/19 12:00 a.m. | 131 views

python-virtualenv security update

...

9.8 CVSS | 1.4 AI score | 0.00656 EPSS
Exploits: 3
CNVD
added 2020/05/14 12:00 a.m. | 1 view

Autoswitch Python Virtualenv Injection Vulnerability

Python is a set of open source, object-oriented programming languages from the Python Software Foundation. The language is extensible, supports modules and packages, supports multiple platforms, etc. Virtualenv is a Python virtual environment builder. An injection vulnerability exists in Autoswit...

7.9 CVSS | 8.1 AI score | 0.00264 EPSS
Exploits: 1 | References: 1
NVD
added 2020/05/13 7:15 p.m. | 11 views

CVE-2020-11073

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0...

7.9 CVSS | 7.8 AI score | 0.00264 EPSS
Exploits: 1 | References: 4
OSV
added 2020/05/13 7:15 p.m. | 10 views

CVE-2020-11073

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0...

7.8 CVSS | 7.3 AI score
Exploits: 0 | References: 4
Prion
added 2020/05/13 7:15 p.m. | 17 views

Code injection

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0...

4.6 CVSS | 7.7 AI score | 0.00264 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
CVE
added 2020/05/13 6:55 p.m. | 59 views

CVE-2020-11073

CVE-2020-11073 affects Autoswitch Python Virtualenv prior to 0.16.0. A user entering a directory containing a malicious .venv file could execute arbitrary code locally without user interaction. Impact and exploitation details are supported by multiple sources in the connected documents (Red Hat C...

7.9 CVSS | 7.8 AI score | 0.00264 EPSS
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2020/05/13 6:55 p.m. | 11 views

CVE-2020-11073 Remote Code Execution in Autoswitch Python Virtualenv

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0...

7.9 CVSS | 7.8 AI score | 0.00264 EPSS
Exploits: 1 | References: 4
RedHat Linux
added 2020/05/12 6:58 p.m. | 79 views

Moderate: Red Hat Security Advisory: python-virtualenv security update

An update for python-virtualenv is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...

9.8 CVSS | 6.7 AI score | 0.00656 EPSS
Exploits: 3 | References: 4
Tenable Nessus
added 2020/05/12 12:00 a.m. | 47 views

RHEL 7 : python-virtualenv (RHSA-2020:2081)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2081 advisory. The virtualenv tool creates isolated Python environments. The virtualenv tool is a successor to workingenv, and an extension of...

9.8 CVSS | 7.3 AI score | 0.00656 EPSS
Exploits: 3 | References: 9
Rockylinux
added 2020/04/28 8:55 a.m. | 49 views

python27:2.7 security, bug fix, and enhancement update

An update is available for python-pymongo, python2-rpm-macros, python-docutils, pytest, python-psycopg2, python-PyMySQL, python-lxml, PyYAML, python-pytest-mock, python-attrs, python-jinja2, python-docs, python-requests, python-mock, python-ipaddress, python-funcsigs, python-py, python-chardet,...

9.8 CVSS | 7.6 AI score | 0.02456 EPSS
Exploits: 5
Tenable Nessus
added 2020/04/24 12:00 a.m. | 271 views

Amazon Linux 2 : python-virtualenv (ALAS-2020-1413)

The version of python-virtualenv installed on the remote host is prior to 15.1.0-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1413 advisory. urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirec...

9.8 CVSS | 7 AI score | 0.00656 EPSS
Exploits: 3 | References: 7
Amazon
added 2020/04/22 12:00 a.m. | 71 views

Medium: python-virtualenv

Issue Overview: urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in...

9.8 CVSS | 8.1 AI score | 0.00656 EPSS
Exploits: 3