Security Features

Affecting python-virtualenv package, versions *

high severity

Overview

** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.

CVE: CVE-2018-17793
Snyk ID: SNYK-DEBIAN9-PYTHONVIRTUALENV-299812
Disclosed: 30 Sep, 2018
Published: 30 Sep, 2018