Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Certain Anaconda3 2021.05 are affected by OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. When the user opens the terminal or activates Anaconda, the command will be executed.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Anaconda3 操作系统命令注入漏洞
Vulnerability Description
Anaconda3是美国Anaconda公司的一个用于科学计算(数据科学、机器学习应用程序、大规模数据处理、预测分析等)的 Python 和 R 编程语言的发行版。致力于简化软件包管理系统和部署。 Anaconda3 2021.05 存在安全漏洞,该漏洞源于usercustomize.py缺少对于操作系统命令的过滤和限制。攻击者可以创建新文件利用该漏洞在激活Anaconda时执行命令。
CVSS Information
N/A
Vulnerability Type
N/A