PYSEC-2024-187
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/virtualenv/PYSEC-2024-187.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2024-187
- Aliases
- Published
- 2024-11-24T16:15:06Z
- Modified
- 2025-01-19T04:56:52.913372Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
- References
Affected packages
PyPI / virtualenv
Package
- Name
- virtualenv
- View open source insights on deps.dev
- Purl
- pkg:pypi/virtualenv
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20.26.6
Affected versions
0.*
0.8
0.8.1
0.8.2
0.8.3
0.8.4
0.9
0.9.1
0.9.2
1.*
1.0
1.1
1.2
1.3
1.3.1
1.3.2
1.3.3
1.3.4
1.4rc1
1.4
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5
1.5.1
1.5.2
1.6
1.6.1
1.6.2
1.6.3
1.6.4
1.7
1.7.1
1.7.1.1
1.7.1.2
1.7.2
1.8
1.8.1
1.8.2
1.8.3
1.8.4
1.9
1.9.1
1.10
1.10.1
1.11
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.11.6
12.*
12.0
12.0.1
12.0.2
12.0.4
12.0.5
12.0.6
12.0.7
12.1.0
12.1.1
13.*
13.0.0
13.0.1
13.0.2
13.0.3
13.1.0
13.1.1
13.1.2
14.*
14.0.0
14.0.1
14.0.2
14.0.3
14.0.4
14.0.5
14.0.6
15.*
15.0.0
15.0.1
15.0.2
15.0.3
15.1.0
15.2.0
16.*
16.0.0
16.1.0
16.2.0
16.3.0
16.3.1.dev0
16.4.0
16.4.1
16.4.3
16.4.4.dev0
16.5.0
16.6.0
16.6.1
16.6.2
16.7.0
16.7.1
16.7.2
16.7.3
16.7.4
16.7.5
16.7.6
16.7.7
16.7.8
16.7.9
16.7.10
16.7.11
16.7.12
20.*
20.0.0b1
20.0.0b2
20.0.0
20.0.1
20.0.2
20.0.3
20.0.4
20.0.5
20.0.6
20.0.7
20.0.8
20.0.9
20.0.10
20.0.11
20.0.12
20.0.13
20.0.14
20.0.15
20.0.16
20.0.17
20.0.18
20.0.19
20.0.20
20.0.21
20.0.22
20.0.23
20.0.24
20.0.25
20.0.26
20.0.27
20.0.28
20.0.29
20.0.30
20.0.31
20.0.32
20.0.33
20.0.34
20.0.35
20.1.0
20.2.0
20.2.1
20.2.2
20.3.0
20.3.1
20.4.0
20.4.1
20.4.2
20.4.3
20.4.4
20.4.5
20.4.6
20.4.7
20.5.0
20.6.0
20.7.0
20.7.1
20.7.2
20.8.0
20.8.1
20.9.0
20.10.0
20.11.0
20.11.1
20.11.2
20.12.0
20.12.1
20.13.0
20.13.1
20.13.2
20.13.3
20.13.4
20.14.0
20.14.1
20.15.0
20.15.1
20.16.0
20.16.1
20.16.2
20.16.3
20.16.4
20.16.5
20.16.6
20.16.7
20.17.0
20.17.1
20.18.0
20.19.0
20.20.0
20.21.0
20.21.1
20.22.0
20.23.0
20.23.1
20.24.0
20.24.1
20.24.2
20.24.3
20.24.4
20.24.5
20.24.6
20.24.7
20.25.0
20.25.1
20.25.2
20.25.3
20.26.0
20.26.1
20.26.2
20.26.3
20.26.4
20.26.5