CGA-fp53-8jf5-gj7f

Published

Last updated

https://images.chainguard.dev/security/CGA-fp53-8jf5-gj7f

Package

py3-cassandra-medusa

RepositoryWolfi

Latest Update

Fixed

Fixed Version

0.23.0-r0

Aliases

CVE-2024-53899
GHSA-rqc4-2hc7-8c8v

Severity

Unknown

Summary

virtualenv allows command injection through activation scripts for a virtual environment

Description

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-53899
https://github.com/advisories/GHSA-rqc4-2hc7-8c8v
https://github.com/pypa/virtualenv/issues/2768
https://github.com/pypa/virtualenv/pull/2771
https://github.com/pypa/advisory-database/tree/main/vulns/virtualenv/PYSEC-2024-187.yaml
https://github.com/pypa/virtualenv
https://github.com/pypa/virtualenv/releases/tag/20.26.6

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-fp53-8jf5-gj7f

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources