Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    Related vulnerabilities

    GHSA-Q53Q-5R4J-5729

    Vulnerability from github – Published: 2026-06-01 14:15 – Updated: 2026-06-09 11:52
    VLAI
    Summary
    rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
    Details

    Summary

    EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as bin/pip) with mode 0o775 on Unix and a copied launcher .exe on Windows. This affects the default install path of pixi install, rattler-build, some methods in py-rattler, and any other consumer of the rattler install crate; no flag or post-link-script opt-in is involved.

    Resolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.

    Affected

    • Repository: https://github.com/conda/rattler
    • Commit: a0e61a33da8b9d6de712fab2a879fa9da977e6e3 (HEAD at audit time, 2026-05-13 release)
    • Downstream consumers reached through the same code path: prefix-dev/pixi @ e640477
    • pixi 0.69.0 and rattler-build 0.65.0 fix this issue

    Researcher

    Berkant Koc me@berkoc.com PGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6

    Show details on source website

    {
      "affected": [
        {
          "package": {
            "ecosystem": "crates.io",
            "name": "rattler"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "0.43.2"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        },
        {
          "database_specific": {
            "last_known_affected_version_range": "\u003c= 0.23.2"
          },
          "package": {
            "ecosystem": "PyPI",
            "name": "py-rattler"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "0.24.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ]
        }
      ],
      "aliases": [
        "CVE-2026-47425"
      ],
      "database_specific": {
        "cwe_ids": [
          "CWE-22",
          "CWE-73"
        ],
        "github_reviewed": true,
        "github_reviewed_at": "2026-06-01T14:15:31Z",
        "nvd_published_at": null,
        "severity": "MODERATE"
      },
      "details": "## Summary\n\n`EntryPoint::FromStr` in `rattler_conda_types` performs only `.trim()` on the `command` field before the linker joins it onto the install prefix and writes an executable Python script. A malicious `noarch:python` package can ship an `info/link.json` with an entry-point name containing `..`, `/`, `\\`, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as `bin/pip`) with mode `0o775` on Unix and a copied launcher `.exe` on Windows. This affects the default install path of `pixi install`, `rattler-build`, some methods in `py-rattler`, and any other consumer of the `rattler` install crate; no flag or post-link-script opt-in is involved.\n\nResolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.\n\n## Affected\n\n- Repository: https://github.com/conda/rattler\n- Commit: `a0e61a33da8b9d6de712fab2a879fa9da977e6e3` (HEAD at audit time, 2026-05-13 release)\n- Downstream consumers reached through the same code path: `prefix-dev/pixi` @ `e640477`\n- pixi 0.69.0 and rattler-build 0.65.0 fix this issue\n\n## Researcher\n\nBerkant Koc \u003cme@berkoc.com\u003e\nPGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6",
      "id": "GHSA-q53q-5r4j-5729",
      "modified": "2026-06-09T11:52:08Z",
      "published": "2026-06-01T14:15:31Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/conda/rattler/security/advisories/GHSA-q53q-5r4j-5729"
        },
        {
          "type": "WEB",
          "url": "https://github.com/conda/rattler/pull/2445"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/conda/rattler"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "type": "CVSS_V4"
        }
      ],
      "summary": "rattler has an entry-point path traversal in noarch:python install (arbitrary file write)"
    }

    PYSEC-2026-2971

    Vulnerability from pysec - Published: 2026-07-13 15:35 - Updated: 2026-07-13 16:05
    VLAI
    Details

    Summary

    EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as bin/pip) with mode 0o775 on Unix and a copied launcher .exe on Windows. This affects the default install path of pixi install, rattler-build, some methods in py-rattler, and any other consumer of the rattler install crate; no flag or post-link-script opt-in is involved.

    Resolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.

    Affected

    • Repository: https://github.com/conda/rattler
    • Commit: a0e61a33da8b9d6de712fab2a879fa9da977e6e3 (HEAD at audit time, 2026-05-13 release)
    • Downstream consumers reached through the same code path: prefix-dev/pixi @ e640477
    • pixi 0.69.0 and rattler-build 0.65.0 fix this issue

    Researcher

    Berkant Koc me@berkoc.com PGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6

    Impacted products
    Name purl
    py-rattler pkg:pypi/py-rattler

    {
      "affected": [
        {
          "package": {
            "ecosystem": "PyPI",
            "name": "py-rattler",
            "purl": "pkg:pypi/py-rattler"
          },
          "ranges": [
            {
              "events": [
                {
                  "introduced": "0"
                },
                {
                  "fixed": "0.24.0"
                }
              ],
              "type": "ECOSYSTEM"
            }
          ],
          "versions": [
            "0.1.0",
            "0.1.1",
            "0.1.2",
            "0.10.0",
            "0.11.0",
            "0.12.0",
            "0.13.0",
            "0.13.1",
            "0.14.0",
            "0.15.0",
            "0.16.0",
            "0.17.0",
            "0.18.0",
            "0.19.0",
            "0.2.0",
            "0.2.1",
            "0.20.0",
            "0.21.0",
            "0.22.0",
            "0.23.0",
            "0.23.1",
            "0.23.2",
            "0.3.0",
            "0.4.0",
            "0.5.0",
            "0.6.0",
            "0.6.1",
            "0.6.2",
            "0.6.3",
            "0.7.0",
            "0.7.1",
            "0.7.2",
            "0.8.0",
            "0.8.2",
            "0.9.0",
            "0.9.1"
          ]
        }
      ],
      "aliases": [
        "CVE-2026-47425",
        "GHSA-q53q-5r4j-5729"
      ],
      "details": "## Summary\n\n`EntryPoint::FromStr` in `rattler_conda_types` performs only `.trim()` on the `command` field before the linker joins it onto the install prefix and writes an executable Python script. A malicious `noarch:python` package can ship an `info/link.json` with an entry-point name containing `..`, `/`, `\\`, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as `bin/pip`) with mode `0o775` on Unix and a copied launcher `.exe` on Windows. This affects the default install path of `pixi install`, `rattler-build`, some methods in `py-rattler`, and any other consumer of the `rattler` install crate; no flag or post-link-script opt-in is involved.\n\nResolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.\n\n## Affected\n\n- Repository: https://github.com/conda/rattler\n- Commit: `a0e61a33da8b9d6de712fab2a879fa9da977e6e3` (HEAD at audit time, 2026-05-13 release)\n- Downstream consumers reached through the same code path: `prefix-dev/pixi` @ `e640477`\n- pixi 0.69.0 and rattler-build 0.65.0 fix this issue\n\n## Researcher\n\nBerkant Koc \u003cme@berkoc.com\u003e\nPGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6",
      "id": "PYSEC-2026-2971",
      "modified": "2026-07-13T16:05:50.127320Z",
      "published": "2026-07-13T15:35:23.329275Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/conda/rattler/security/advisories/GHSA-q53q-5r4j-5729"
        },
        {
          "type": "WEB",
          "url": "https://github.com/conda/rattler/pull/2445"
        },
        {
          "type": "PACKAGE",
          "url": "https://github.com/conda/rattler"
        },
        {
          "type": "PACKAGE",
          "url": "https://pypi.org/project/py-rattler"
        },
        {
          "type": "ADVISORY",
          "url": "https://github.com/advisories/GHSA-q53q-5r4j-5729"
        },
        {
          "type": "ADVISORY",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47425"
        }
      ],
      "severity": [
        {
          "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "type": "CVSS_V4"
        }
      ],
      "summary": "rattler has an entry-point path traversal in noarch:python install (arbitrary file write)"
    }