Virtualenv

virtualenv

Vendor: Virtualenv • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-22702 1Virtualenv 1Virtualenv Feb 18, 2026 Jan 10, 2026 N/A· v4 4.5 MEDIUM· v3 N/A· v2 virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on...Show more virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.Show less
CVE-2024-53899 1Virtualenv 1Virtualenv Feb 10, 2025 Nov 24, 2024 N/A· v4 7.8 HIGH· v3 N/A· v2 virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
CVE-2013-5123 5Debian FedoraprojectPypa+2 more 6Debian Linux FedoraOpenshift+3 more Nov 21, 2024 Nov 5, 2019 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.