Unrated severityNVD Advisory· Published May 13, 2020· Updated Aug 4, 2024

Remote Code Execution in Autoswitch Python Virtualenv

CVE-2020-11073

Description

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0

Affected products

Michaelaquilina/Zsh Autoswitch Virtualenvv5
Range: < 0.16.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/MichaelAquilina/zsh-autoswitch-virtualenv/commit/30c77db7c83eca2bc5f6134fccbdc117b49a6a05mitrex_refsource_MISC
github.com/MichaelAquilina/zsh-autoswitch-virtualenv/issues/122mitrex_refsource_MISC
github.com/MichaelAquilina/zsh-autoswitch-virtualenv/pull/123mitrex_refsource_MISC
github.com/MichaelAquilina/zsh-autoswitch-virtualenv/security/advisories/GHSA-h8wm-cqq6-957qmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000