5 matches found
CVE-2025-49823
conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...
CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)
conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...
CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)
conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...
CVE-2025-49823
Conda Constructor prior to 3.11.3 is affected. The vulnerability arises in shell installer scripts that process the installation prefix (user_prefix) using an eval statement, causing unsanitized user input to be executed as shell code. This can allow command injection via a malicious installation...
CVE-2025-49823 Conda Constructor Command Injection via Unsanitized User Input (Low)
conda Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix userprefix using an eval statement, which executes unsanitized user input as shell code. Although the script runs...