Vulnerability Information
Vulnerability Title
virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Vulnerability Description
virtualenv is a tool for creating isolated virtual Python environments. Prior to version 20.36.1, TOCTOU (Time-of-Check-Time-of-Use) vulnerabilities in virtualenv allow local attackers to perform symlink-based attacks on directory creation operations. An attacker with local access can exploit a race condition between directory existence checks and creation to redirect virtualenv's app_data and lock file operations to attacker-controlled locations. This issue has been patched in version 20.36.1.
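The check-then-create pattern described above, shown beside a create-then-verify form, as an added example (not virtualenv's code or its patch). The function names and the constructed temp-directory scenario are assumptions for illustration.

```python
import os
import stat
import tempfile


def ensure_dir_racy(path):
    # Check, then create: the path can change between the two calls,
    # and os.path.isdir() follows symlinks, so a planted link passes.
    if not os.path.isdir(path):
        os.makedirs(path)
    return path


def ensure_private_dir(path):
    # Create first (mkdir is atomic and fails on any existing entry,
    # including a symlink), then verify what is actually there.
    try:
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    st = os.lstat(path)  # lstat does not follow a symlink in the last component
    if not stat.S_ISDIR(st.st_mode):
        raise PermissionError(f"{path}: not a real directory")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise PermissionError(f"{path}: owned by another user")
    return path


def demo():
    # Constructed scenario: a symlink already occupies the expected path.
    with tempfile.TemporaryDirectory() as root:
        elsewhere = os.path.join(root, "elsewhere")
        os.mkdir(elsewhere)
        planted = os.path.join(root, "app_data")
        os.symlink(elsewhere, planted)
        racy = ensure_dir_racy(planted)  # accepted without complaint
        followed = os.path.realpath(racy) == os.path.realpath(elsewhere)
        try:
            ensure_private_dir(planted)
            rejected = False
        except PermissionError:
            rejected = True
        fresh = ensure_private_dir(os.path.join(root, "fresh"))
        private = stat.S_IMODE(os.lstat(fresh).st_mode) & 0o077 == 0
        return {"racy_followed_link": followed, "hardened_rejected_link": rejected,
                "fresh_dir_private": private}


if __name__ == "__main__":
    print(demo())
```

The `lstat` check covers only the final path component; parent directories writable by other users need the same scrutiny.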
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
Improper Link Resolution Before File Access (Link Following)
Vulnerability Title
virtualenv Race Condition Vulnerability
Vulnerability Description
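Virtualenv is an open-source Python virtual environment builder from the Python Packaging Authority. Versions of virtualenv prior to 20.36.1 contain a race condition vulnerability, which stems from TOCTOU flaws in directory creation operations and may lead to symlink-based attacks.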
CVSS Information
N/A
Vulnerability Type
N/A