Vulnerabilities for 'Virtualenv'

2019-11-05
 
CVE-2013-5123

CWE-287
 

 
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

 
2018-09-30
 
CVE-2018-17793

CWE-254
 

 
** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.

 


Copyright 2024, cxsecurity.com

 
