Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
Related vulnerabilities
GHSA-Q53Q-5R4J-5729
Vulnerability from github – Published: 2026-06-01 14:15 – Updated: 2026-06-09 11:52Summary
EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as bin/pip) with mode 0o775 on Unix and a copied launcher .exe on Windows. This affects the default install path of pixi install, rattler-build, some methods in py-rattler, and any other consumer of the rattler install crate; no flag or post-link-script opt-in is involved.
Resolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.
Affected
- Repository: https://github.com/conda/rattler
- Commit:
a0e61a33da8b9d6de712fab2a879fa9da977e6e3(HEAD at audit time, 2026-05-13 release) - Downstream consumers reached through the same code path:
prefix-dev/pixi@e640477 - pixi 0.69.0 and rattler-build 0.65.0 fix this issue
Researcher
Berkant Koc me@berkoc.com PGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "rattler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.43.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 0.23.2"
},
"package": {
"ecosystem": "PyPI",
"name": "py-rattler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.24.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-47425"
],
"database_specific": {
"cwe_ids": [
"CWE-22",
"CWE-73"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-01T14:15:31Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "## Summary\n\n`EntryPoint::FromStr` in `rattler_conda_types` performs only `.trim()` on the `command` field before the linker joins it onto the install prefix and writes an executable Python script. A malicious `noarch:python` package can ship an `info/link.json` with an entry-point name containing `..`, `/`, `\\`, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as `bin/pip`) with mode `0o775` on Unix and a copied launcher `.exe` on Windows. This affects the default install path of `pixi install`, `rattler-build`, some methods in `py-rattler`, and any other consumer of the `rattler` install crate; no flag or post-link-script opt-in is involved.\n\nResolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.\n\n## Affected\n\n- Repository: https://github.com/conda/rattler\n- Commit: `a0e61a33da8b9d6de712fab2a879fa9da977e6e3` (HEAD at audit time, 2026-05-13 release)\n- Downstream consumers reached through the same code path: `prefix-dev/pixi` @ `e640477`\n- pixi 0.69.0 and rattler-build 0.65.0 fix this issue\n\n## Researcher\n\nBerkant Koc \u003cme@berkoc.com\u003e\nPGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6",
"id": "GHSA-q53q-5r4j-5729",
"modified": "2026-06-09T11:52:08Z",
"published": "2026-06-01T14:15:31Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/conda/rattler/security/advisories/GHSA-q53q-5r4j-5729"
},
{
"type": "WEB",
"url": "https://github.com/conda/rattler/pull/2445"
},
{
"type": "PACKAGE",
"url": "https://github.com/conda/rattler"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "rattler has an entry-point path traversal in noarch:python install (arbitrary file write)"
}
PYSEC-2026-2971
Vulnerability from pysec - Published: 2026-07-13 15:35 - Updated: 2026-07-13 16:05Summary
EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as bin/pip) with mode 0o775 on Unix and a copied launcher .exe on Windows. This affects the default install path of pixi install, rattler-build, some methods in py-rattler, and any other consumer of the rattler install crate; no flag or post-link-script opt-in is involved.
Resolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.
Affected
- Repository: https://github.com/conda/rattler
- Commit:
a0e61a33da8b9d6de712fab2a879fa9da977e6e3(HEAD at audit time, 2026-05-13 release) - Downstream consumers reached through the same code path:
prefix-dev/pixi@e640477 - pixi 0.69.0 and rattler-build 0.65.0 fix this issue
Researcher
Berkant Koc me@berkoc.com PGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6
| Name | purl | py-rattler | pkg:pypi/py-rattler |
|---|
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "py-rattler",
"purl": "pkg:pypi/py-rattler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.24.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.1.0",
"0.1.1",
"0.1.2",
"0.10.0",
"0.11.0",
"0.12.0",
"0.13.0",
"0.13.1",
"0.14.0",
"0.15.0",
"0.16.0",
"0.17.0",
"0.18.0",
"0.19.0",
"0.2.0",
"0.2.1",
"0.20.0",
"0.21.0",
"0.22.0",
"0.23.0",
"0.23.1",
"0.23.2",
"0.3.0",
"0.4.0",
"0.5.0",
"0.6.0",
"0.6.1",
"0.6.2",
"0.6.3",
"0.7.0",
"0.7.1",
"0.7.2",
"0.8.0",
"0.8.2",
"0.9.0",
"0.9.1"
]
}
],
"aliases": [
"CVE-2026-47425",
"GHSA-q53q-5r4j-5729"
],
"details": "## Summary\n\n`EntryPoint::FromStr` in `rattler_conda_types` performs only `.trim()` on the `command` field before the linker joins it onto the install prefix and writes an executable Python script. A malicious `noarch:python` package can ship an `info/link.json` with an entry-point name containing `..`, `/`, `\\`, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as `bin/pip`) with mode `0o775` on Unix and a copied launcher `.exe` on Windows. This affects the default install path of `pixi install`, `rattler-build`, some methods in `py-rattler`, and any other consumer of the `rattler` install crate; no flag or post-link-script opt-in is involved.\n\nResolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.\n\n## Affected\n\n- Repository: https://github.com/conda/rattler\n- Commit: `a0e61a33da8b9d6de712fab2a879fa9da977e6e3` (HEAD at audit time, 2026-05-13 release)\n- Downstream consumers reached through the same code path: `prefix-dev/pixi` @ `e640477`\n- pixi 0.69.0 and rattler-build 0.65.0 fix this issue\n\n## Researcher\n\nBerkant Koc \u003cme@berkoc.com\u003e\nPGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6",
"id": "PYSEC-2026-2971",
"modified": "2026-07-13T16:05:50.127320Z",
"published": "2026-07-13T15:35:23.329275Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/conda/rattler/security/advisories/GHSA-q53q-5r4j-5729"
},
{
"type": "WEB",
"url": "https://github.com/conda/rattler/pull/2445"
},
{
"type": "PACKAGE",
"url": "https://github.com/conda/rattler"
},
{
"type": "PACKAGE",
"url": "https://pypi.org/project/py-rattler"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-q53q-5r4j-5729"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47425"
}
],
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "rattler has an entry-point path traversal in noarch:python install (arbitrary file write)"
}