conda-build
by Conda
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-32800 | 0.00 | — | 0.01 | Jun 16, 2025 | Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary (malicious) code to the… | |||
| CVE-2025-32799 | 0.00 | — | 0.01 | Jun 16, 2025 | Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with… | |||
| CVE-2025-32798 | 0.00 | — | 0.01 | Jun 16, 2025 | Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval… | |||
| CVE-2025-32797 | 0.00 | — | 0.00 | Jun 16, 2025 | Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users.… |
- CVE-2025-32800Jun 16, 2025risk 0.00cvss —epss 0.01
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary (malicious) code to the…
- CVE-2025-32799Jun 16, 2025risk 0.00cvss —epss 0.01
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with…
- CVE-2025-32798Jun 16, 2025risk 0.00cvss —epss 0.01
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval…
- CVE-2025-32797Jun 16, 2025risk 0.00cvss —epss 0.00
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users.…