CNNVD-202506-1923 Information
CNNVD ID
CNNVD-202506-1923
Related CVE
- CNNVD Published: 2025-06-16
Description (Chinese)
Conda-build是Conda开源的一个用于构建conda包的命令和工具。 Conda-build 25.3.0之前版本存在安全漏洞,该漏洞源于pyproject.toml中列出了未发布的依赖项,可能导致恶意代码注入。
Description (English)
Conda-build is a command and tool for the construction of conda packages from Conda Open Source. There was a security loophole in the pre-Conda-build 25.3.0 version, which originated from the listing of unpublished dependencies in pyproject.toml, which could lead to malicious code injection.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Conda
Published
2025-06-16
Last Modified
2026-02-24
References
https://drive.google.com/file/d/18qe97zxcpTn2l84187A9meGCi2Wg-n_Y/view https://github.com/conda/conda-build/commit/f5a6aeef0d5d6940b8c2a88796910dc7476a62bb https://github.com/conda/conda-build/security/advisories/GHSA-83gh-p93g-cwgx https://access.redhat.com/security/cve/cve-2025-32800
Patch
https://github.com/conda/conda-build/releases
Share on: