HIGH🇬🇧 English

CVE-2021-42969

CVSS 8.8v3.1pub. 2022-05-13upd. 2024-11-21

Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • Anaconda Anaconda3

    APP
    Anaconda
    2021.05
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
Command Injection
CWE
Referencje

Powiązane podatności

CVE-2024-46060HIGH7.8ten sam produkt

Anaconda3 macOS installers before 2024.06-1 contain a local privilege escalation vulnerability when installed ...

CVE-2022-26526HIGH7.8ten sam produkt

Anaconda Anaconda3 (Anaconda Distribution) through 2021.11.0.0 and Miniconda3 through 4.11.0.0 can create a wo...

CVE-2023-35845MEDIUM4.7ten sam produkt

Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pe...

CVE-2021-42343CRITICAL9.8ten sam vendor

An issue was discovered in the Dask distributed package before 2021.10.0 for Python. Single machine Dask clust...

CVE-2025-32798HIGH8.2ten sam vendor

Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build reci...