CNNVD-202506-1798 Information

CNNVD ID

CNNVD-202506-1798

Related CVE

CVE-2025-49598

• CNNVD Published: 2025-06-13

Description (Chinese)

conda forge ci-setup是conda forge社区的一个开源库。 conda forge ci-setup存在安全漏洞，该漏洞源于eval函数不安全使用，可能导致任意代码执行。

Description (English)

Conda forge c-setup is an open source for the community of conda forge. There is a security loophole in the conda forge c-setup, which stems from the unsafe use of the eval function, which may lead to any code execution.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

conda forge

Published

2025-06-13

Last Modified

2026-02-24

References

https://github.com/conda-forge/conda-forge-ci-setup-feedstock/commit/fd91cb271c01f0e7928ebdc1feaac96fe385f959 https://github.com/conda-forge/conda-forge-ci-setup-feedstock/security/advisories/GHSA-jh2q-mrmj-hff3 https://access.redhat.com/security/cve/cve-2025-49598

Patch

https://github.com/conda-forge/conda-forge-ci-setup-feedstock