Anaconda

Conda-build

4 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2025-32800

Exploit
  • EPSS 0.09%
  • Veröffentlicht 16.06.2025 20:38:53
  • Zuletzt bearbeitet 01.08.2025 22:10:14

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary ...

9.8

CVE-2025-32799

Exploit
  • EPSS 0.45%
  • Veröffentlicht 16.06.2025 20:23:02
  • Zuletzt bearbeitet 02.07.2025 18:12:39

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar arch...

9.8

CVE-2025-32798

Exploit
  • EPSS 0.13%
  • Veröffentlicht 16.06.2025 20:15:27
  • Zuletzt bearbeitet 02.07.2025 18:21:45

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, con...

7

CVE-2025-32797

  • EPSS 0.02%
  • Veröffentlicht 16.06.2025 18:46:31
  • Zuletzt bearbeitet 11.08.2025 18:42:30

Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, The write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing writ...