59 matches found
EUVD-2025-6186
Malicious code in bioql PyPI...
EUVD-2025-28316
Malicious code in bioql PyPI...
EUVD-2025-14756
Malicious code in bioql PyPI...
EUVD-2025-18308
Malicious code in bioql PyPI...
CVE-2025-49842
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
CVE-2025-49842
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
CVE-2025-49842
The CVE concerns conda-forge-webservices, a web app used to manage conda-forge admin tasks. Prior to version 2025.3.24, the conda_forge_webservice Docker container executed commands without a dedicated user, leaving the container running as root. This can enable privilege escalation and potential...
CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the conda_forge_webservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
conda-forge-webservices security vulnerability
conda-forge-webservices is a conda-forge open source web application deployed to run conda-forge management commands and linting. A security vulnerability exists in conda-forge-webservices versions prior to 2025.3.24, which stems from a Docker container executing commands as the root user, which...
conda-forge conda-smithy security vulnerability
conda-forge conda-smithy is a conda-forge open source tool for managing raw materials for Conda Forge. A security vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from a file created by the travisheaders function having overly broad permissions, which could lead ...
PT-2025-25658 · Conda Forge · Conda-Forge-Webservices
Name of the Vulnerable Software and Affected Versions: conda-forge-webservices versions prior to 2025.3.24 Description: The conda-forge-webservices web app, used to run conda-forge admin commands and linting, has an issue where the conda_forge_webservice Docker container executes commands without...
conda-forge conda-smithy information disclosure vulnerability
conda-forge conda-smithy is a conda-forge open source tool for managing conda-forge raw materials. An information disclosure vulnerability exists in conda-forge conda-smithy versions prior to 3.47.1, which stems from the travisencryptbinstartoken implementation being at risk of an Oracle Padding...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...