VYPR

Constructor

by Conda

Source repositories

CVEs (3)

  • CVE-2025-58244HigSep 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection.This issue affects Constructo: from n/a through <= 4.3.9.

  • CVE-2025-64343HigNov 7, 2025
    risk 0.51cvss 7.8epss 0.00

    (conda) Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive…

  • CVE-2025-49823NonJun 17, 2025
    risk 0.00cvss 0.0epss 0.00

    (conda) Constructor is a tool which allows constructing an installer for a collection of conda packages. Prior to version 3.11.3, shell installer scripts process the installation prefix (user_prefix) using an eval statement, which executes unsanitized user input as shell code.…