Virtualenv vulnerabilities

4 known vulnerabilities affecting virtualenv/virtualenv.

Total CVEs: 4
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 3

Vulnerabilities

CVE-2026-22702 | MEDIUM | CVSS 4.5 | fixed in 20.36.1 | 2026-01-10
CVE-2026-22702 [MEDIUM] CWE-59: virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and cr
ghsa, nvd, osv
CVE-2024-53899 | HIGH | CVSS 7.8 | fixed in 20.26.6 | 2024-11-24
CVE-2024-53899 [HIGH] CWE-77: virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
ghsa, nvd, osv
CVE-2011-4617 | MEDIUM | ≥ 0, < 1.5 | 2022-05-17
CVE-2011-4617 [MEDIUM] CWE-59 Virtualenv Allows Symlink Attack on /tmp/: virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
ghsa, osv
CVE-2013-5123 | MEDIUM | CVSS 5.9 | PoC | v12.0.7 | 2019-11-05
CVE-2013-5123 [MEDIUM] CWE-287: The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks which allows attackers to perform man-in-the-middle attacks.
nvd