Information disclosure in Conda-forge Conda-smithy
CVE-2025-49824
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package…
Vulnerability class: Information Disclosure
EPSS: 0.002 (15.4th percentile)
Affected products
- Conda-forge Conda-smithy — versions < 3.47.1
Weakness classification (CWE)