Remote Code Execution from malicious `.venv` files

Moderate
MichaelAquilina published GHSA-h8wm-cqq6-957q May 13, 2020

Package

zsh-autoswitch-virtualenv (zsh)

Affected versions

<1.16.0

Patched versions

1.16.0

Description

Impact

A user who enters a directory containing a malicious `.venv` file could have arbitrary code executed without any user interaction.

Patches

Fixed by #123
Version: 1.16.0

References

Original Issue: #122

Severity

Moderate

CVE ID

CVE-2020-11073

Weaknesses

No CWEs