Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
python virtualenv vulnerabilities and exploits
(subscribe to this query)
448
VMScore
CVE-2018-18074
The Requests package prior to 2.20.0 for Python sends an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect, which makes it easier for remote malicious users to discover credentials by sniffing the network.
Python Requests
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 18.10
Canonical Ubuntu Linux 14.04
Opensuse Leap 15.1
Redhat Enterprise Linux Desktop 7.0
Redhat Enterprise Linux Workstation 7.0
Redhat Enterprise Linux Server 7.0
11 Github repositories
445
VMScore
CVE-2018-20060
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted i...
Python Urllib3
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
435
VMScore
CVE-2013-5123
The mirroring support (-M, --use-mirrors) in Python Pip prior to 1.5 uses insecure DNS querying and authenticity checks which allows malicious users to perform man-in-the-middle attacks.
Pypa Pip
Virtualenv Virtualenv 12.0.7
Fedoraproject Fedora 20
Fedoraproject Fedora 21
Redhat Openshift 1.0
Redhat Openshift 2.0
Redhat Software Collections -
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
1 EDB exploit
409
VMScore
CVE-2020-11073
In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0
Autoswitch Python Virtualenv Project Autoswitch Python Virtualenv
383
VMScore
CVE-2019-11236
In the urllib3 library up to and including 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
Python Urllib3
1 Github repository
107
VMScore
CVE-2011-4617
virtualenv.py in virtualenv prior to 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.
Python Virtualenv 1.4.7
Python Virtualenv 1.4.6
Python Virtualenv 1.3.4
Python Virtualenv 1.3.3
Python Virtualenv 1.3.2
Python Virtualenv 0.9.2
Python Virtualenv 0.9.1
Python Virtualenv 1.4.3
Python Virtualenv 1.4.2
Python Virtualenv 1.2
Python Virtualenv 1.1.1
Python Virtualenv 0.8.3
Python Virtualenv 0.8.2
Python Virtualenv 1.4.5
Python Virtualenv 1.4.4
Python Virtualenv 1.3.1
Python Virtualenv 1.3
Python Virtualenv 0.9
Python Virtualenv 0.8.4
Python Virtualenv
Python Virtualenv 1.4.8
Python Virtualenv 1.4.1
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
denial of service
CVE-2024-27371
CVE-2024-20405
CVE-2024-31627
CVE-2024-31625
race condition
CVE-2024-4358
cross-site scripting
CVE-2023-20938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started