RCE in Conda-forge Conda-forge-ci-setup-feedstock

CVE-2025-49598

conda-forge-ci-setup is a package installed by conda-forge each time a build is run on CI. The conda-forge-ci-setup-feedstock setup script is vulnerable due to the unsafe use of the eval function when parsing version information from a cus…

EPSS: 0.002 (4.6th percentile)

Affected products

Weakness classification (CWE)

References