4 matches found
EUVD-2025-18458
Malicious code in bioql PyPI...
CVE-2025-32800
The Conda-build contains commands and tools to build Conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. This flaw allows an attacker to claim this namespace, upload arbitrary malicious code to the package, a...
CVE-2025-32800
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary malicious code to the package, and then exploit...
CVE-2025-32797 Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the writebuildscripts function in conda-build creates the temporary build script condabuild.sh with overly permissive file permissions 0o766, allowing write access to all users. Attackers with filesystem...