CVE-2020-11073

Summary

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious .venv file could run arbitrary code without any user interaction. This is fixed in version: 1.16.0

Affected Software

VendorProductVersion RangeStatus
MichaelAquilinazsh-autoswitch-virtualenv< 0.16.0affected

Weaknesses

  • CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

ADP Enrichment

CVE Program Container

Additional References

References