CNNVD-202506-1915 Information
CNNVD ID
CNNVD-202506-1915
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
Conda-build是Conda开源的一个用于构建conda包的命令和工具。 Conda-build 25.4.0之前版本存在代码注入漏洞,该漏洞源于对recipe selectors的不安全评估,可能导致任意代码执行。
Description (English)
Conda-build is a command and tool for the construction of conda packages from Conda Open Source. Conda-build 25.4.0 has a code-injecting loophole, which stems from an assessment of the insecurity of recipe selfators and may lead to arbitrary code enforcement.
Hazard Level
Medium
Vulnerability Type
代码注入
Affected Vendor
Conda
Published
2025-06-16
Last Modified
2026-02-24
References
https://github.com/conda/conda-build/blob/834448b995eee02cf1c2e7ca97bcfa9affc77ee5/conda_build/metadata.py https://github.com/conda/conda-build/commit/3d87213b840774a24ab1733664d2b36664233754 https://github.com/conda/conda-build/security/advisories/GHSA-6cc8-c3c9-3rgr https://access.redhat.com/security/cve/cve-2025-32798
Patch
https://github.com/conda/conda-build/releases
Share on: