CVE-2018-17793 – ** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >& …

Vuln ID: CVE-2018-17793 (virtualenv)

Published:  2018-09-30  19:29:00Z

Description: ** DISPUTED ** Virtualenv 16.0.0 allows a sandbox escape via "python $(bash >&2)" and "python $(rbash >&2)" commands. NOTE: the software maintainer disputes this because the Python interpreter in a virtualenv is supposed to be able to execute arbitrary code.

Source: NVD.NIST.GOV

 


Date:

Categorie(s):

Tag(s):