Search CVE reports
1 – 3 of 3 results
CVE-2024-53899
Medium prioritySome fixes available 2 of 5
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
1 affected package
python-virtualenv
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-virtualenv | Vulnerable | Fixed | Fixed | Not affected | Not affected |
CVE-2013-1629
Medium prioritypip before 1.3 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a "pip...
2 affected packages
python-pip, python-virtualenv
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-pip | — | — | — | Not affected | Not affected |
| python-virtualenv | — | — | — | Not affected | Not affected |
CVE-2011-4617
Medium priorityvirtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
1 affected package
python-virtualenv
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| python-virtualenv | — | — | — | — | — |