Posted March 6

Oracle Linux: CVE-2024-53899: ELSA-2024-10953:python36:3.6 security update (IMPORTANT) (Multiple Advisories)

Severity: 7
CVSS: (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Published: 11/24/2024
Created: 12/17/2024
Added: 12/13/2024
Modified: 01/20/2025

Description

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.

A flaw was found in the virtualenv Python package. Due to the handling of quotes in magic template strings, the virtual environment activation script is vulnerable to OS command injection.

Solution(s)

oracle-linux-upgrade-python36
oracle-linux-upgrade-python36-debug
oracle-linux-upgrade-python36-devel
oracle-linux-upgrade-python36-rpm-macros
oracle-linux-upgrade-python3-bson
oracle-linux-upgrade-python3-distro
oracle-linux-upgrade-python3-docs
oracle-linux-upgrade-python3-docutils
oracle-linux-upgrade-python3-nose
oracle-linux-upgrade-python3-pygments
oracle-linux-upgrade-python3-pymongo
oracle-linux-upgrade-python3-pymongo-gridfs
oracle-linux-upgrade-python3-pymysql
oracle-linux-upgrade-python3-scipy
oracle-linux-upgrade-python3-sqlalchemy
oracle-linux-upgrade-python3-virtualenv
oracle-linux-upgrade-python3-wheel
oracle-linux-upgrade-python3-wheel-wheel
oracle-linux-upgrade-python-nose-docs
oracle-linux-upgrade-python-pymongo-doc
oracle-linux-upgrade-python-sqlalchemy-doc
oracle-linux-upgrade-python-virtualenv
oracle-linux-upgrade-python-virtualenv-doc

References

https://attackerkb.com/topics/cve-2024-53899
CVE - 2024-53899
ELSA-2024-10953
ELSA-2024-11048
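The description attributes the flaw to template values that are not quoted when they are substituted into the activation script. The Python below is an added illustration, not virtualenv's code and not part of the advisory: the template, the placeholder name `__VENV_DIR__` and the sample directory names are constructed assumptions. It contrasts raw substitution with `shlex.quote` and checks each result by tokenizing it, without executing anything.

```python
import shlex

# Hypothetical activation-script template; the placeholder name and layout are
# assumptions for illustration, not copied from virtualenv.
TEMPLATE = "VIRTUAL_ENV=__VENV_DIR__\nexport VIRTUAL_ENV\n"
PLACEHOLDER = "__VENV_DIR__"

# Constructed sample directory names (not taken from the advisory).
PLAIN_DIR = "/srv/build/env"
ODD_DIR = '/srv/build/env" ; echo marker ; "'


def render_unquoted(venv_dir: str) -> str:
    """Flawed pattern: wrap the raw value in double quotes and paste it in."""
    return TEMPLATE.replace(PLACEHOLDER, '"' + venv_dir + '"')


def render_quoted(venv_dir: str) -> str:
    """Hardened pattern: shlex.quote emits a single POSIX-shell literal."""
    return TEMPLATE.replace(PLACEHOLDER, shlex.quote(venv_dir))


def assignment_words(script: str) -> list:
    """Split the first line into words the way a POSIX shell would."""
    return shlex.split(script.splitlines()[0])


def stays_literal(script: str, venv_dir: str) -> bool:
    """True when the whole directory name is still one assigned value."""
    return assignment_words(script) == ["VIRTUAL_ENV=" + venv_dir]


# Tokenizing only shows word-breaking. Double quotes also leave $(...) and
# backticks active in a real shell; the single quotes that shlex.quote emits
# disable those expansions as well.
if __name__ == "__main__":
    for label, render in (("unquoted", render_unquoted), ("quoted", render_quoted)):
        for d in (PLAIN_DIR, ODD_DIR):
            print(label, repr(d), "literal:", stays_literal(render(d), d))
```
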