vulnerability
Rocky Linux: CVE-2024-53899: python36-3.6 (RLSA-2024-10953)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:S/C:C/I:C/A:C) | Dec 19, 2024 | Feb 5, 2026 | Feb 5, 2026 |
Severity
7
CVSS
(AV:L/AC:L/Au:S/C:C/I:C/A:C)
Published
Dec 19, 2024
Added
Feb 5, 2026
Modified
Feb 5, 2026
Description
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287.
Solutions
rocky-upgrade-python-pymongo-debuginforocky-upgrade-python-pymongo-debugsourcerocky-upgrade-python3-bsonrocky-upgrade-python3-bson-debuginforocky-upgrade-python3-pymongorocky-upgrade-python3-pymongo-debuginforocky-upgrade-python3-pymongo-gridfsrocky-upgrade-python3-scipyrocky-upgrade-python3-scipy-debuginforocky-upgrade-python3-sqlalchemyrocky-upgrade-python36rocky-upgrade-python36-debugrocky-upgrade-python36-develrocky-upgrade-scipy-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.