Lucene search
K

8 matches found

NVD
NVD
added 2026/06/18 9:16 p.m.16 views

CVE-2026-46699

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS0.00201EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/18 8:47 p.m.21 views

CVE-2026-46699 conda-smithy vulnerable to misrouted repository invitation by conda-forge-webservices[bot] due to GitHub username takeover leading to unintended write access in conda-forge feedstock repository

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories through GitHub...

7.6CVSS0.00201EPSS
Exploits0References2
CVE
CVE
added 2026/06/18 8:47 p.m.27 views

CVE-2026-46699

CVE-2026-46699 affects the conda-smithy tool. Prior to version 3.61.0, a vulnerability in the conda-forge automated webservices allowed unintended write access to feedstock repositories due to using mutable GitHub usernames as identifiers for repository invitation routing, instead of stable GitHu...

7.6CVSS5.3AI score0.00201EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/13 1:13 a.m.10 views

CVE-2025-35471 conda-forge openssl-feedstock writable OPENSSLDIR

conda-forge openssl-feedstock before 066e83c 2024-05-20, on Microsoft Windows, configures OpenSSL to use an OPENSSLDIR file path that can be written to by non-privilged local users. By writing a specially crafted openssl.cnf file in OPENSSLDIR, a non-privileged local user can execute arbitrary co...

7.3CVSS7.2AI score0.00187EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/13 12:0 a.m.3 views

openssl-feedstock 安全漏洞

openssl-feedstock is a conda smithy repository for openssl open source by conda-forge. A security vulnerability exists in versions prior to openssl-feedstock 066e83c, which stems from an improperly configured path to the OPENSSLDIR file and could lead to the execution of arbitrary code...

7.8CVSS6.8AI score0.00187EPSS
Exploits1References2
NVD
NVD
added 2025/04/02 10:15 p.m.29 views

CVE-2025-31484

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS0.00387EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/02 9:38 p.m.6 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS7.2AI score0.00387EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/02 9:38 p.m.18 views

CVE-2025-31484 conda-forge infrastructure uses a bad token for Azure's cf-staging access

conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a packa...

9.3CVSS0.00387EPSS
Exploits0References2
Rows per page
Query Builder