CVE-2020-11073 HIGH

CVE-2020-11073: Remote Code Execution in Autoswitch Python Virtualenv

Vendor Michaelaquilina

Product zsh-autoswitch-virtualenv

Weakness CWE-77

Published May 13, 2020

Last update August 4, 2024

View on NVD All CVEs

CVSS base score

7.9/10

Attack vector Local

Attack complexity Low

Privileges required Low

User interaction Required

Confidentiality High

Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N

What the vulnerability does

Description

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0

Key dates

Disclosure timeline

May 13, 2020 CVE published

August 4, 2024 Record updated