CVE-2021-30005
HIGH
JetBrains PyCharm < 2020.3.4 - Local Code Execution via VCS Project Import
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2021-30005. PoCs published by atorralba.
AI-analyzed exploit summary: This repository contains a functional PoC for CVE-2021-30005, which exploits PyCharm's automatic virtual environment activation. The malicious virtual environment includes an activation script that executes arbitrary commands when the project is opened in a vulnerable version of PyCharm.
Description
In JetBrains PyCharm before 2020.3.4, local code execution was possible because of insufficient checks when getting the project from VCS.
Exploits (1)
References (3)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H