Please comment on CVE-2024-53899 and virtualenv activation scripts #9424

Closed
musicinmybrain opened this issue Nov 25, 2024 · 3 comments
@musicinmybrain (Contributor)

Yesterday, CVE-2024-53899 was published, with the following description:

virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing.

This corresponds to pypa/virtualenv#2768 and is supposed to be fixed by pypa/virtualenv#2771.

Because uv vendors virtualenv activation scripts in crates/uv-virtualenv/src/activator/, I wondered if uv was also affected. Imitating the original reproducer in pypa/virtualenv#2768, and working with a uv checkout on the 0.5.4 tag:

$ cargo build
$ envname="';uname -a;':"
$ mkdir "$envname"
$ cd "$envname"
$ ../target/debug/uv venv .
$ . ./bin/activate
(';uname -a;':) ben@musicbox:~/src/forks/uv/';uname -a;':$

This is good; the uname -a command was not executed, so this test did not reproduce the problem.

Checking older versions, it looks like this was fixed between uv 0.5.2 and 0.5.3, probably in #8984 (although I did not bother bisecting). To reiterate this very clearly, I was not able to trivially reproduce CVE-2024-53899 in uv 0.5.3 and later, but I was able to reproduce it (output from uname -a appeared in my console) in uv 0.5.2 and earlier.

Could you please comment on whether you believe the underlying issue is entirely mitigated in uv, or whether further work needs to be done? Thank you!
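
The CVE text says the magic template strings are not quoted correctly on replacement, and the reproducer's directory name `';uname -a;':` shows the mechanism: a single quote in the path closes the string literal the template wrapped around it, and whatever follows runs as shell commands when the script is sourced. As an added example (not code from uv or virtualenv, and not the change made in #8984), the POSIX shell script below renders a stand-in activation template two ways, once with the raw substitution and once with the path single-quoted by the renderer, then sources each result in a throwaway shell. The payload is a harmless marker assignment (`INJECTED=1`) rather than the issue's `uname -a`; the template text, function names and marker variable are constructed for this demonstration.

```shell
#!/bin/sh
# Added example, not uv's or virtualenv's code. Shows why pasting a path into
# an activation template without quoting is command injection, and what a
# correct single-quoting step looks like. TEMPLATE_*, render, sq_quote,
# activate_* and the INJECTED marker are all hypothetical names.

MARKER=__VIRTUAL_ENV__
# Vulnerable pattern: the template supplies the quotes, the value is pasted in raw.
TEMPLATE_RAW="VIRTUAL_ENV='$MARKER'
export VIRTUAL_ENV"
# Hardened pattern: the template carries no quotes; the renderer quotes the value.
TEMPLATE_QUOTED="VIRTUAL_ENV=$MARKER
export VIRTUAL_ENV"

# render TEMPLATE VALUE: replace every MARKER in TEMPLATE with VALUE literally,
# using only parameter expansion so no sed/awk metacharacter in VALUE matters.
render() {
    tmpl=$1 value=$2 out=""
    while case $tmpl in *"$MARKER"*) true ;; *) false ;; esac; do
        out="$out${tmpl%%"$MARKER"*}$value"
        tmpl=${tmpl#*"$MARKER"}
    done
    printf '%s\n' "$out$tmpl"
}

# sq_quote VALUE: single-quote VALUE for a POSIX shell. Inside single quotes
# nothing is special except the closing quote, so the only transformation is
# turning each embedded ' into '\'' (close, escaped literal quote, reopen).
sq_quote() {
    s=$1 q="'" out="'"
    while case $s in *"$q"*) true ;; *) false ;; esac; do
        out="$out${s%%"$q"*}'\\''"
        s=${s#*"$q"}
    done
    printf '%s' "$out$s'"
}

# activate_and_report SCRIPT_TEXT: source the rendered script in a fresh sh and
# report whether the smuggled marker assignment ran and what VIRTUAL_ENV became.
activate_and_report() {
    script=$(mktemp) || return 1
    printf '%s\n' "$1" > "$script"
    sh -c 'unset INJECTED; . "$1"; printf "injected=%s VIRTUAL_ENV=%s" "${INJECTED:-0}" "$VIRTUAL_ENV"' sh "$script"
    rm -f "$script"
}

# Same path through both renderers, for side-by-side comparison.
activate_raw()    { activate_and_report "$(render "$TEMPLATE_RAW" "$1")"; }
activate_quoted() { activate_and_report "$(render "$TEMPLATE_QUOTED" "$(sq_quote "$1")")"; }

# Constructed inputs: the issue's quote-escape shape with a benign payload, and a
# $(...) payload, which the template's own single quotes already neutralise.
for p in "';INJECTED=1;':" '$(INJECTED=1)'; do
    printf 'path %s\n  raw:    %s\n  quoted: %s\n' \
        "$p" "$(activate_raw "$p")" "$(activate_quoted "$p")"
done
```

With the raw template, the first path renders as `VIRTUAL_ENV='';INJECTED=1;':'`: an empty assignment, the injected command, then `:` as a no-op, so the marker is set and `VIRTUAL_ENV` is wrong. The second path shows the template's quotes are not useless, they stop `$(...)` expansion; the single quote itself is the one character they cannot contain, which is exactly what `sq_quote` handles. Each shell dialect has its own quoting rules, so a renderer needs a separate quoting function per activator (sh, csh, fish, nushell, batch, PowerShell), which is why the per-activator audit in this issue matters.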

@charliermarsh (Member)

Thanks for filing! We'll take a look.

@konstin (Member) commented Nov 27, 2024

Due to #8984, uv is unaffected for:

  • bash
  • csh
  • fish
  • nushell

The powershell activator does not contain the path.

The batch activator is fixed by #9466.

While #8947 and the batch behavior are clearly bugs, I would like to remind users that you should never build virtual environments from untrusted input. There are various sources of arbitrary code execution, such as .pth files, wheel data writing to arbitrary paths in the venv and source dist builds running arbitrary code.

@musicinmybrain (Contributor, Author)

Thank you for investigating!
