virtualenv contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the virtualenv.py script creating temporary files insecurely. It is possible for a local attacker to use a symlink attack to cause the program to unexpectedly write to, or overwrite an attacker specified file.
Local Access Required
Loss of Integrity
Upgrade to version 1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.