CNNVD-202506-1917 Information
CNNVD ID
CNNVD-202506-1917
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
Conda-build是Conda开源的一个用于构建conda包的命令和工具。 Conda-build 25.3.1之前版本存在安全漏洞,该漏洞源于临时构建脚本conda_build.sh权限设置不当,可能导致任意代码执行。
Description (English)
Conda-build is a command and tool for the construction of conda packages from Conda Open Source. There was a security loophole in the previous version of Conda-build 25.3.1, which resulted from an inappropriate set-up of permissions for the temporary construction of script conda build.sh, which could lead to arbitrary code execution.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Conda
Published
2025-06-16
Last Modified
2026-02-24
References
https://github.com/conda/conda-build/blob/3f06913bba22c4e1ef1065df9e00d86ac97f087c/conda_build/build.py#L3054-L3084 https://github.com/conda/conda-build/commit/d246e49c8f45e8033915156ee3d77769926f3c2e https://github.com/conda/conda-build/pull/5 https://github.com/conda/conda-build/security/advisories/GHSA-vfp6-3v8g-vcmm https://access.redhat.com/security/cve/cve-2025-32797
Patch
https://github.com/conda/conda-build/releases
Share on: