Lucene search
+L

5 matches found

NVD
NVD
added 2025/06/17 3:15 a.m.10 views

CVE-2025-49823

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

0.00141EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/17 2:21 a.m.50 views

CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

0.00141EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/06/17 2:21 a.m.4 views

CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

4.2AI score0.00141EPSS
Exploits0References2
CVE
CVE
added 2025/06/17 2:21 a.m.21 views

CVE-2025-49823

Conda Constructor prior to 3.11.3 is affected. The vulnerability arises in shell installer scripts that process the installation prefix (user_prefix) using an eval statement, causing unsanitized user input to be executed as shell code. This can allow command injection via a malicious installation...

4.2AI score0.00141EPSS
Exploits0References2
OSV
OSV
added 2025/06/17 2:21 a.m.6 views

CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)

conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...

7AI score0.00141EPSS
Exploits0References4
Rows per page
Query Builder