CVE-2011-4617 — Link Following in Virtualenv

CWE-59 — Link Following9 documents6 sources

Severity

1.2LOWNVD

EPSS

0.0%

top 88.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Virtualenv Python Virtualenv

Timeline

PublishedDec 31

Latest updateMay 17

Description

virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.

CVSS vector

AV:L/AC:H/C:N/I:P/A:NExploitability: 1.9 | Impact: 2.9

Affected Packages2 packages

▶PyPIvirtualenv/virtualenv< 1.5

▶NVDpython/virtualenv1.4.9+26

🔴Vulnerability Details

GHSA

Virtualenv Allows Symlink Attack on /tmp/↗2022-05-17

▶

OSV

Virtualenv Allows Symlink Attack on /tmp/↗2022-05-17

▶

CVEList

CVE-2011-4617: virtualenv↗2011-12-31

▶

OSV

CVE-2011-4617: virtualenv↗2011-12-31

▶

📋Vendor Advisories

Debian

CVE-2011-4617: python-virtualenv - virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary...↗2011

▶

💬Community

Bugzilla

CVE-2011-4617 python-virtualenv XSS [fedora-all]↗2012-01-03

▶

Bugzilla

CVE-2011-4617 python-virtualenv XSS [epel-all]↗2012-01-03

▶

Bugzilla

CVE-2011-4617 python-virtualenv XSS↗2011-12-19

▶