9 matches found
EUVD-2025-18308
Malicious code in bioql PyPI...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing
conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...
CVE-2025-49598
Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...
conda forge ci-setup 安全漏洞
conda forge ci-setup is an open source library from the conda forge community. A security vulnerability exists in conda forge ci-setup, which stems from the unsafe use of the eval function and could lead to arbitrary code execution...
PT-2025-25444 · Unknown · Conda-Forge-Ci-Setup
Name of the Vulnerable Software and Affected Versions: conda-forge-ci-setup versions prior to 4.15.0 Description: The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An...