CNNVD-202506-1999 Information
CNNVD ID
CNNVD-202506-1999
Related CVE
- CNNVD Published: 2025-06-17
Description (Chinese)
conda-forge-webservices是conda-forge开源的一个部署用于运行condaforge管理命令和linting的web应用程序。 conda-forge-webservices 2025.3.24之前版本存在安全漏洞,该漏洞源于Docker容器以root用户执行命令,可能导致权限提升。
Description (English)
Conda-forge-webservices are an open source of conda-forge, a Web application deployed to run condaforge management commands and linting. There was a security loophole in the pre-conda-forge-webservices 2025.3.24, which originated in the Docker container, where the order was executed by the root user, which could lead to increased privileges.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
conda-forge
Published
2025-06-17
Last Modified
2026-02-24
References
https://github.com/conda-forge/conda-forge-webservices/security/advisories/GHSA-3cj6-wc22-wvpv https://github.com/conda-forge/conda-forge-webservices/commit/c28b67f833f32299cc47eef8ad226ca991db67ae https://access.redhat.com/security/cve/cve-2025-49842 https://nvd.nist.gov/vuln/detail/CVE-2025-49842
Patch
https://github.com/conda-forge/conda-forge-webservices/releases
Share on: