Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

N/A

Source -

N/A

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
0Vulnerabilities found
CVE-2024-53899
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.4||HIGH
EPSS-1.00% / 76.05%
||
7 Day CHG+0.12%
Published-24 Nov, 2024 | 00:00
Updated-10 Feb, 2025 | 18:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

Action-Not Available
Vendor-virtualenvn/avirtualenv
Product-virtualenvn/avirtualenv
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2013-5123
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.9||MEDIUM
EPSS-12.86% / 93.77%
||
7 Day CHG~0.00%
Published-05 Nov, 2019 | 21:16
Updated-06 Aug, 2024 | 17:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.

Action-Not Available
Vendor-pypavirtualenvn/aDebian GNU/LinuxRed Hat, Inc.Fedora Project
Product-virtualenvdebian_linuxsoftware_collectionsopenshiftpipfedoran/a
CWE ID-CWE-287
Improper Authentication