CNNVD-202601-1727 Information
CNNVD ID
CNNVD-202601-1727
Related CVE
- CNNVD Published: 2026-01-10
Description (Chinese)
Virtualenv是Python Packaging Authority开源的一款Python虚拟环境构建器。 virtualenv 20.36.1之前版本存在竞争条件问题漏洞,该漏洞源于目录创建操作中存在TOCTOU漏洞,可能导致基于符号链接的攻击。
Description (English)
Virtualenv is a Python Virtual Environment Builder from the Python Packaging Society Open Source. The previous version of the virtualenv 20.36.1 had a loophole in the competition conditions, which stemmed from the TOCTOU loophole in the catalogue creation operation and could lead to an attack based on a symbol link.
Hazard Level
High
Vulnerability Type
竞争条件问题
Affected Vendor
Python Packaging Authority
Published
2026-01-10
Last Modified
2026-02-24
References
https://github.com/pypa/virtualenv/commit/dec4cec5d16edaf83a00a658f32d1e032661cebc https://github.com/pypa/virtualenv/pull/3013 https://github.com/pypa/virtualenv/security/advisories/GHSA-597g-3phw-6986
Patch
https://github.com/pypa/virtualenv/releases
Share on: