Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Remote Code Execution in Autoswitch Python Virtualenv
Vulnerability Description
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
Virtualenv 路径遍历漏洞
Vulnerability Description
Virtualenv是一款Python虚拟环境构建器。 Autoswitch Python Virtualenv 0.16.0之前版本中存在路径遍历漏洞。攻击者可通过恶意的.venv文件利用该漏洞执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A