VYPR

conda-build

by Conda

CVEs (4)

  • CVE-2025-32800Jun 16, 2025
    risk 0.00cvss epss 0.01

    Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary (malicious) code to the…

  • CVE-2025-32799Jun 16, 2025
    risk 0.00cvss epss 0.01

    Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with…

  • CVE-2025-32798Jun 16, 2025
    risk 0.00cvss epss 0.01

    Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval…

  • CVE-2025-32797Jun 16, 2025
    risk 0.00cvss epss 0.00

    Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users.…