CVE-2024-53899: Command Injection
Published Nov 24, 2024 · Last updated 25 February 2025
Affected Software (6 affected components; fixes available)

pip / virtualenv: affected <20.26.6; fixed in 20.26.6
debian / python-virtualenv: affected <=20.4.0+ds-2+deb11u1, <=20.17.1+ds-1; fixed in 20.29.1+ds-1
virtualenv / virtualenv: affected <20.26.6
Microsoft cbl2 / python-virtualenv 20.14.0-6
Microsoft azl3 / python-virtualenv 20.25.0-3
Microsoft cbl2 / python-virtualenv 20.26.6-1
Remediation: Patch Available
Event History

Nov 24, 2024
  CVE Published via MITRE, 12:00 AM
  Data Sourced via MITRE, 12:00 AM (Description)
  Data Sourced via Red Hat, 05:01 PM (Description, Severity, Affected Software)
  Advisory Published via GitHub, 06:31 PM

Dec 20, 2024
  Data Sourced via Microsoft, 08:00 AM (Description, Severity, Weakness)
  Data Sourced via Microsoft, 08:00 AM (Affected Software)
  Updated via Microsoft, 08:00 AM (Affected Software)
  Updated via Microsoft, 08:00 AM (Description, Severity)

Mar 2, 2025
  Data Sourced via Ubuntu, 04:21 PM (Remedy, Description, Severity, Affected Software)
Frequently Asked Questions
1. What is the severity of CVE-2024-53899?
CVE-2024-53899 is classified as a command injection vulnerability, which can compromise the security of the system.

2. How do I fix CVE-2024-53899?
To fix CVE-2024-53899, update virtualenv to version 20.26.6 or later.

3. What software is affected by CVE-2024-53899?
CVE-2024-53899 affects virtualenv versions prior to 20.26.6.

4. What could happen if I don't resolve CVE-2024-53899?
If left unresolved, CVE-2024-53899 could allow an attacker to execute arbitrary commands on the system through manipulated activation scripts.

5. Is CVE-2024-53899 related to any other vulnerabilities?
CVE-2024-53899 is not the same as CVE-2024-9287, although both involve vulnerabilities in virtualenv.