Skip to content

atorralba/CVE-2021-30005-POC

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 

Repository files navigation

CVE-2021-30005-POC

PoC for CVE-2021-30005.

Details

The vulnerability resides in the fact that PyCharm would automatically activate a virtual environment found in the project when opened for the first time. This allowed an attacker to create a repository containing a malicious virtual environment with arbitrary commands in the activation scripts (e.g. venv/bin/activate), that would get executed when downloaded and opened in PyCharm.

The injected command can be found here.

To reproduce

Clone the repo:

git clone https://github.com/atorralba/CVE-2021-30005-POC

And open it in a vulnerable version of PyCharm (before 2020.3.4).

More information about the fix

See Trusted Projects in https://blog.jetbrains.com/pycharm/2021/03/pycharm-2020-3-4-is-out/

References

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages