Moderate severityNVD Advisory· Published Dec 31, 2011· Updated Jun 16, 2026
CVE-2011-4617
CVE-2011-4617
Description
virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
virtualenvPyPI | < 1.5 | 1.5 |
Affected products
28cpe:2.3:a:python:virtualenv:*:*:*:*:*:*:*:*+ 26 more
- cpe:2.3:a:python:virtualenv:*:*:*:*:*:*:*:*range: <=1.4.9
- cpe:2.3:a:python:virtualenv:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:0.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:python:virtualenv:1.4.8:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
11- secunia.com/advisories/47240nvdVendor Advisory
- github.com/advisories/GHSA-3jhc-wjqf-5f2cghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4617ghsaADVISORY
- lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.htmlnvdWEB
- lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.htmlnvdWEB
- openwall.com/lists/oss-security/2011/12/19/2nvdWEB
- openwall.com/lists/oss-security/2011/12/19/4nvdWEB
- openwall.com/lists/oss-security/2011/12/19/5nvdWEB
- github.com/pypa/advisory-database/tree/main/vulns/virtualenv/PYSEC-2011-23.yamlghsaWEB
- github.com/pypa/virtualenv/commit/68075ad9ededf7df2c46d385f836c13b729de2caghsaWEB
- web.archive.org/web/20200228151935/https://bitbucket.org/ianb/virtualenv/commits/8be37c509fe5ghsaWEB
News mentions
0No linked articles in our index yet.