{"url":"http://public2.vulnerablecode.io/api/packages/7207?format=json","purl":"pkg:pypi/virtualenv@1.4.9","type":"pypi","namespace":"","name":"virtualenv","version":"1.4.9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"20.26.6","latest_non_vulnerable_version":"20.36.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36943?format=json","vulnerability_id":"VCID-f185-g69j-yyhp","summary":"virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.","references":[{"reference_url":"https://github.com/pypa/virtualenv/issues/2768","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/pypa/virtualenv/issues/2768"},{"reference_url":"https://github.com/pypa/virtualenv/pull/2771","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/pypa/virtualenv/pull/2771"},{"reference_url":"https://github.com/pypa/virtualenv/releases/tag/20.26.6","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://github.com/pypa/virtualenv/releases/tag/20.26.6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/44156?format=json","purl":"pkg:pypi/virtualenv@20.26.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/virtualenv@20.26.6"}],"aliases":["CVE-2024-53899","PYSEC-2024-187"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f185-g69j-yyhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34746?format=json","vulnerability_id":"VCID-uc6j-bk79-tqey","summary":"virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html"},{"reference_url":"http://openwall.com/lists/oss-security/2011/12/19/2","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2011/12/19/2"},{"reference_url":"http://openwall.com/lists/oss-security/2011/12/19/4","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2011/12/19/4"},{"reference_url":"http://openwall.com/lists/oss-security/2011/12/19/5","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2011/12/19/5"},{"reference_url":"https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5","reference_id":"","reference_type":"","scores":[],"url":"https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5"},{"reference_url":"http://secunia.com/advisories/47240","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/47240"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/virtualenv/PYSEC-2011-23.yaml","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/virtualenv/PYSEC-2011-23.yaml"},{"reference_url":"https://github.com/pypa/virtualenv","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/virtualenv"},{"reference_url":"https://github.com/pypa/virtualenv/commit/68075ad9ededf7df2c46d385f836c13b729de2ca","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/pypa/virtualenv/commit/68075ad9ededf7df2c46d385f836c13b729de2ca"},{"reference_url":"https://web.archive.org/web/20200228151935/https://bitbucket.org/ianb/virtualenv/commits/8be37c509fe5","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20200228151935/https://bitbucket.org/ianb/virtualenv/commits/8be37c509fe5"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4617","reference_id":"CVE-2011-4617","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4617"},{"reference_url":"https://github.com/advisories/GHSA-3jhc-wjqf-5f2c","reference_id":"GHSA-3jhc-wjqf-5f2c","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-3jhc-wjqf-5f2c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/7208?format=json","purl":"pkg:pypi/virtualenv@1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f185-g69j-yyhp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/virtualenv@1.5"}],"aliases":["CVE-2011-4617","GHSA-3jhc-wjqf-5f2c","PYSEC-2011-23"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uc6j-bk79-tqey"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/virtualenv@1.4.9"}