cve/CVE-2024-53899.md at main

admin/cve

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

810 B

Raw Permalink Blame History

CVE-2024-53899

Description

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

POC

Reference

No PoCs from references.

Github

https://github.com/ARPSyndicate/cve-scores
https://github.com/PBorocz/raindrop-io-py

810 B Raw Permalink Blame History

CVE-2024-53899

Description

POC

Reference

Github

810 B

Raw Permalink Blame History