16 matches found
EUVD-2025-28316
Malicious code in bioql PyPI...
CVE-2025-49842
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
CVE-2025-49842
The CVE concerns conda-forge-webservices, a web app used to manage conda-forge admin tasks. Prior to version 2025.3.24, the conda_forge_webservice Docker container executed commands without a dedicated user, leaving the container running as root. This can enable privilege escalation and potential...
CVE-2025-49842 conda-forge-webservices Privilege Escalation Risk via Default Docker Root User
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. Prior to version 2025.3.24, the condaforgewebservice Docker container executes commands without specifying a user. By default, Docker containers run as the root user, which increases the risk of privile...
conda-forge-webservices 安全漏洞
conda-forge-webservices is a conda-forge open source web application deployed to run condaforge management commands and linting. A security vulnerability exists in conda-forge-webservices versions prior to 2025.3.24, which stems from a Docker container executing commands as the root user, which...
PT-2025-25658 · Conda Forge · Conda-Forge-Webservices
Name of the Vulnerable Software and Affected Versions: conda-forge-webservices versions prior to 2025.3.24 Description: The conda-forge-webservices web app, used to run conda-forge admin commands and linting, has an issue where the conda forge webservice Docker container executes commands without...
CVE-2025-32784
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...
CVE-2025-32784
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...
CVE-2025-32784 conda-forge-webservices has an Unauthorized Artifact Modification Race Condition
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...
CVE-2025-32784 conda-forge-webservices has an Unauthorized Artifact Modification Race Condition
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...
CVE-2025-32784
Conda-forge-webservices (versions prior to 2025.4.10) is vulnerable to an unauthorized artifact modification race condition (TOCTOU). The issue arises from a lack of atomicity between hash validation and the artifact copy, allowing an attacker with cf-staging access to overwrite a verified artifa...
CVE-2025-32784 conda-forge-webservices has an Unauthorized Artifact Modification Race Condition
conda-forge-webservices is the web app deployed to run conda-forge admin commands and linting. In versions prior to 2025.4.10, a race condition vulnerability has been identified in the conda-forge-webservices component used within the shared build infrastructure. This vulnerability, categorized a...
conda-forge-webservices 安全漏洞
conda-forge-webservices is a conda-forge open source web application deployed to run condaforge management commands and linting. A security vulnerability exists in versions of conda-forge-webservices prior to 2025.4.10 that stems from a competitive condition and could lead to the release of a...
PT-2025-16541 · Conda Forge · Conda-Forge-Webservices
Name of the Vulnerable Software and Affected Versions: conda-forge-webservices versions prior to 2025.4.10 Description: A Time-of-Check to Time-of-Use TOCTOU issue has been identified in the conda-forge-webservices component, which can be exploited to introduce unauthorized modifications to build...