Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zamhjLXdqcWYtNWYyY84AAf0J
Virtualenv Allows Symlink Attack on /tmp/
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
Permalink: https://github.com/advisories/GHSA-3jhc-wjqf-5f2cJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zamhjLXdqcWYtNWYyY84AAf0J
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
Identifiers: GHSA-3jhc-wjqf-5f2c, CVE-2011-4617
References:
- https://nvd.nist.gov/vuln/detail/CVE-2011-4617
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html
- http://openwall.com/lists/oss-security/2011/12/19/2
- http://openwall.com/lists/oss-security/2011/12/19/4
- http://openwall.com/lists/oss-security/2011/12/19/5
- https://github.com/pypa/virtualenv/commit/68075ad9ededf7df2c46d385f836c13b729de2ca
- https://web.archive.org/web/20200228151935/https://bitbucket.org/ianb/virtualenv/commits/8be37c509fe5
- https://github.com/advisories/GHSA-3jhc-wjqf-5f2c
Blast Radius: 0.0
Affected Packages
pypi:virtualenv
Dependent packages: 516Dependent repositories: 76,779
Downloads: 120,020,466 last month
Affected Version Ranges: < 1.5
Fixed in: 1.5
All affected versions: 0.8.1, 0.8.2, 0.8.3, 0.8.4, 0.9.1, 0.9.2, 1.3.1, 1.3.2, 1.3.3, 1.3.4, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9
All unaffected versions: 1.5.1, 1.5.2, 1.6.1, 1.6.2, 1.6.3, 1.6.4, 1.7.1, 1.7.2, 1.8.1, 1.8.2, 1.8.3, 1.8.4, 1.9.1, 1.10.1, 1.11.1, 1.11.2, 1.11.3, 1.11.4, 1.11.5, 1.11.6, 12.0.1, 12.0.2, 12.0.4, 12.0.5, 12.0.6, 12.0.7, 12.1.0, 12.1.1, 13.0.0, 13.0.1, 13.0.2, 13.0.3, 13.1.0, 13.1.1, 13.1.2, 14.0.0, 14.0.1, 14.0.2, 14.0.3, 14.0.4, 14.0.5, 14.0.6, 15.0.0, 15.0.1, 15.0.2, 15.0.3, 15.1.0, 15.2.0, 16.0.0, 16.1.0, 16.2.0, 16.3.0, 16.4.0, 16.4.1, 16.4.3, 16.5.0, 16.6.0, 16.6.1, 16.6.2, 16.7.0, 16.7.1, 16.7.2, 16.7.3, 16.7.4, 16.7.5, 16.7.6, 16.7.7, 16.7.8, 16.7.9, 16.7.10, 16.7.11, 16.7.12, 20.0.0, 20.0.1, 20.0.2, 20.0.3, 20.0.4, 20.0.5, 20.0.6, 20.0.7, 20.0.8, 20.0.9, 20.0.10, 20.0.11, 20.0.12, 20.0.13, 20.0.14, 20.0.15, 20.0.16, 20.0.17, 20.0.18, 20.0.19, 20.0.20, 20.0.21, 20.0.22, 20.0.23, 20.0.24, 20.0.25, 20.0.26, 20.0.27, 20.0.28, 20.0.29, 20.0.30, 20.0.31, 20.0.32, 20.0.33, 20.0.34, 20.0.35, 20.1.0, 20.2.0, 20.2.1, 20.2.2, 20.3.0, 20.3.1, 20.4.0, 20.4.1, 20.4.2, 20.4.3, 20.4.4, 20.4.5, 20.4.6, 20.4.7, 20.5.0, 20.6.0, 20.7.0, 20.7.1, 20.7.2, 20.8.0, 20.8.1, 20.9.0, 20.10.0, 20.11.0, 20.11.1, 20.11.2, 20.12.0, 20.12.1, 20.13.0, 20.13.1, 20.13.2, 20.13.3, 20.13.4, 20.14.0, 20.14.1, 20.15.0, 20.15.1, 20.16.0, 20.16.1, 20.16.2, 20.16.3, 20.16.4, 20.16.5, 20.16.6, 20.16.7, 20.17.0, 20.17.1, 20.18.0, 20.19.0, 20.20.0, 20.21.0, 20.21.1, 20.22.0, 20.23.0, 20.23.1, 20.24.0, 20.24.1, 20.24.2, 20.24.3, 20.24.4, 20.24.5, 20.24.6, 20.24.7, 20.25.0, 20.25.1, 20.25.2, 20.25.3, 20.26.0, 20.26.1, 20.26.2