CVE Vulnerability
CVE-2020-11073
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0
References
| Link | Resource |
|---|---|
| https://github.com/MichaelAquilina/zsh-autoswitch-virtualenv/issues/122 | Exploit Third Party Advisory |
| https://github.com/MichaelAquilina/zsh-autoswitch-virtualenv/security/advisories/GHSA-h8wm-cqq6-957q | Third Party Advisory |
| https://github.com/MichaelAquilina/zsh-autoswitch-virtualenv/pull/123 | Third Party Advisory |
| https://github.com/MichaelAquilina/zsh-autoswitch-virtualenv/commit/30c77db7c83eca2bc5f6134fccbdc117b49a6a05 | Patch Third Party Advisory |
Configurations
Configuration 1
|
Information
Published : 2020-05-13 07:15
Updated : 2021-11-04 05:51
NVD link : CVE-2020-11073
Mitre link : CVE-2020-11073
Products Affected
No products.
CWE