{"id":"PYSEC-2011-23","details":"virtualenv.py in virtualenv before 1.5 allows local users to overwrite arbitrary files via a symlink attack on a certain file in /tmp/.","aliases":["CVE-2011-4617","GHSA-3jhc-wjqf-5f2c"],"modified":"2024-01-19T18:11:16.178502Z","published":"2011-12-31T01:55:00Z","references":[{"type":"WEB","url":"http://openwall.com/lists/oss-security/2011/12/19/5"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2011/12/19/2"},{"type":"WEB","url":"https://bitbucket.org/ianb/virtualenv/changeset/8be37c509fe5"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2011/12/19/4"},{"type":"ADVISORY","url":"http://secunia.com/advisories/47240"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071643.html"},{"type":"WEB","url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-January/071638.html"}],"affected":[{"package":{"name":"virtualenv","ecosystem":"PyPI","purl":"pkg:pypi/virtualenv"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.5"}]}],"versions":["0.8","0.8.1","0.8.2","0.8.3","0.8.4","0.9","0.9.1","0.9.2","1.0","1.1","1.2","1.3","1.3.1","1.3.2","1.3.3","1.3.4","1.4","1.4.1","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.4rc1"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/virtualenv/PYSEC-2011-23.yaml"}}],"schema_version":"1.7.3"}