CVE-2024-53899

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Nov 24, 2024
Updated: Nov 26, 2024
CWE ID 78
CWE ID 77

Summary

CVE-2024-53899 is a new vulnerability affecting virtualenv before version 20.26.6. This issue stems from incorrect quoting of magic template strings during the replacement process in virtual environment activation scripts. As a result, attackers can inject malicious commands and gain unauthorized access to the system. It is essential to update virtualenv to the latest version to mitigate this risk and avoid confusion with CVE-2024-9287, which is a different vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share