📦 Conda Build

CVE-2025-32799 is a path traversal vulnerability in conda-build that allows attackers to write files outside intended directories by crafting malicious tar archives. This can lead to arbitrary file ov...

CVE-2025-32798 allows arbitrary code execution during conda package builds due to unsafe eval() usage in recipe selectors. Attackers can inject malicious code into meta.yaml files to execute commands ...

CVE-2025-32797 is a local privilege escalation vulnerability in conda-build where the temporary build script conda_build.sh is created with overly permissive file permissions (0o766). Attackers with f...