PoC for CVE-2021-30005.
The vulnerability resides in the fact that PyCharm would automatically activate a virtual environment found in the project when it was opened for the first time. This allowed an attacker to create a repository containing a malicious virtual environment with arbitrary commands in its activation scripts (e.g. venv/bin/activate), which would then be executed when the repository was downloaded and opened in PyCharm.
The injected command can be found here.
Clone the repo:
git clone https://github.com/atorralba/CVE-2021-30005-POC
Then open it in a vulnerable version of PyCharm (before 2020.3.4).
See the Trusted Projects feature introduced in PyCharm 2020.3.4: https://blog.jetbrains.com/pycharm/2021/03/pycharm-2020-3-4-is-out/
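As an added example (not code from this PoC repository), the following script checks a fresh clone for committed virtual environments and flags activation-script lines that a stock venv never needs, so the review happens before an IDE opens and auto-activates the project. The indicator patterns and the sample clone it builds are constructed for illustration; every hit is a line to read by hand, not an automatic verdict.

```python
"""Added example (not the PoC's own code): find committed virtual environments
in a clone and flag activation-script lines a stock venv never needs, so the
review happens before an IDE opens and auto-activates the project."""
import os
import re
import tempfile
from pathlib import Path
# Activation scripts that venv/virtualenv generate on POSIX and Windows.
ACTIVATION_SCRIPTS = ("bin/activate", "bin/activate.csh", "bin/activate.fish",
                      "bin/Activate.ps1", "Scripts/activate", "Scripts/activate.bat",
                      "Scripts/Activate.ps1")
# Constructed, non-exhaustive indicators: network fetchers, inline interpreters,
# decoders, PowerShell download/exec cmdlets and bash's /dev/tcp pseudo-device.
RISK_PATTERNS = [re.compile(p, re.IGNORECASE) for p in (
    r"\b(curl|wget|nc|ncat|netcat|nohup|base64|eval)\b",
    r"\b(python[0-9.]*|perl|ruby|node)\s+-[ce]\b",
    r"\b(Invoke-Expression|IEX|Invoke-WebRequest|DownloadString|Start-Process)\b",
    r"/dev/tcp/")]

def find_venvs(root):
    """Yield every directory below root holding a pyvenv.cfg (the venv marker)."""
    for dirpath, _dirs, files in os.walk(root):
        if "pyvenv.cfg" in files:
            yield Path(dirpath)

def suspicious_lines(script):
    """Return [(line_no, text)] for lines of one script matching any indicator."""
    lines = script.read_text(errors="replace").splitlines()
    return [(n, ln.strip()) for n, ln in enumerate(lines, 1)
            if any(p.search(ln) for p in RISK_PATTERNS)]

def scan_repo(root):
    """Map each activation script (repo-relative path) to its hits; a committed
    venv is unusual by itself, and any hit is a line to read before opening."""
    root = Path(root)
    return {(venv / rel).relative_to(root).as_posix(): suspicious_lines(venv / rel)
            for venv in find_venvs(root) for rel in ACTIVATION_SCRIPTS
            if (venv / rel).is_file()}

def make_constructed_sample():
    """Build a throwaway clone whose venv activate carries one injected line."""
    root = Path(tempfile.mkdtemp())
    (root / "venv" / "bin").mkdir(parents=True)
    (root / "venv" / "pyvenv.cfg").write_text("home = /usr/bin\n")
    (root / "venv" / "bin" / "activate").write_text(
        'export VIRTUAL_ENV="/tmp/venv"\n'
        'python3 -c "print(\'constructed injected command\')"\n')
    return root

if __name__ == "__main__":
    print(scan_repo(make_constructed_sample()))
```

Run it as `python scan_venvs.py` to see the report for the constructed sample, or call `scan_repo("/path/to/clone")` on a real checkout before opening it in the IDE.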
- Inspired by: https://blog.doyensec.com/2020/03/16/vscode_codeexec.html
- JetBrains security bulletin: https://blog.jetbrains.com/blog/2021/05/07/jetbrains-security-bulletin-q1-2021/