Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/06/15 8:58 p.m.8 views

CVE-2025-49598

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

7.3CVSS7.6AI score0.00153EPSS
Exploits0References1
NVD
NVD
added 2025/06/13 9:15 p.m.15 views

CVE-2025-49598

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

7.3CVSS0.00153EPSS
Exploits0References2
CVE
CVE
added 2025/06/13 8:22 p.m.50 views

CVE-2025-49598

Summary: CVE-2025-49598 affects the conda-forge-ci-setup package (and its feedstock setup script) via an unsafe use of eval when parsing version information from a custom-formatted meta.yaml. An attacker who can modify the recipe (RECIPE_DIR) and supply a malicious meta.yaml can cause arbitrary c...

7.3CVSS6.9AI score0.00153EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/13 8:22 p.m.17 views

CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

7.3CVSS0.00153EPSS
Exploits0References2
OSV
OSV
added 2025/06/13 8:22 p.m.9 views

CVE-2025-49598 conda-forge-ci-setup Allows Arbitrary Code Execution via Insecure Version Parsing

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a custom-formatted meta.yaml file. An attacker controlling...

7.3CVSS7.6AI score0.00153EPSS
Exploits0References4
Rows per page
Query Builder