GHSA-q53q-5r4j-5729

Source
https://github.com/advisories/GHSA-q53q-5r4j-5729
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-q53q-5r4j-5729/GHSA-q53q-5r4j-5729.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-q53q-5r4j-5729
Aliases
  • CVE-2026-47425
Published
2026-06-01T14:15:31Z
Modified
2026-06-01T14:30:10.308159101Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
Summary
rattler has an entry-point path traversal in noarch:python install (arbitrary file write)
Details

Summary

EntryPoint::FromStr in rattler_conda_types performs only .trim() on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, \, or an absolute path; the resulting file is written outside the prefix (or clobbers an existing in-prefix entry-point such as bin/pip) with mode 0o775 on Unix and a copied launcher .exe on Windows. This affects the default install path of pixi install, rattler-build, some methods in py-rattler, and any other consumer of the rattler install crate; no flag or post-link-script opt-in is involved.

Resolved in https://github.com/conda/rattler/pull/2445, released in rattler 0.43.2.
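The fix described above amounts to validating the entry-point name before it is joined onto the prefix. The Rust below is an added example, not rattler's code or the fix in PR 2445: it parses the `name = module:function` form that conda's link.json entry points use, rejects names that are anything other than a single plain file-name component, and then re-checks the joined path as a second line of defence. The `EntryPointError` and `EntryPoint` types and the `bin/` target directory are assumptions made for the example.

```rust
use std::path::{Component, Path, PathBuf};

/// Why an entry-point name or spec was rejected (constructed for this example).
#[derive(Debug, PartialEq, Eq)]
pub enum EntryPointError {
    Malformed,
    Empty,
    PathSeparator,
    DotComponent,
    DriveRelative,
}

/// A parsed `name = module:function` entry point (constructed type; rattler's
/// own EntryPoint is not reproduced here).
#[derive(Debug, PartialEq, Eq)]
pub struct EntryPoint {
    pub name: String,
    pub module: String,
    pub function: String,
}

/// Accept only a single plain file-name component: no `/` or `\` on any host
/// (the package may be installed on either), no `.` or `..`, no Windows drive
/// prefix. Trimming alone, the vulnerable behaviour, lets all of these through.
pub fn validate_entry_point_name(raw: &str) -> Result<&str, EntryPointError> {
    let name = raw.trim();
    if name.is_empty() {
        return Err(EntryPointError::Empty);
    }
    if name.contains('/') || name.contains('\\') {
        return Err(EntryPointError::PathSeparator);
    }
    if name == "." || name == ".." {
        return Err(EntryPointError::DotComponent);
    }
    let b = name.as_bytes();
    if b.len() >= 2 && b[0].is_ascii_alphabetic() && b[1] == b':' {
        return Err(EntryPointError::DriveRelative);
    }
    Ok(name)
}

/// Parse `name = module:function`, validating the name before anything else.
pub fn parse_entry_point(spec: &str) -> Result<EntryPoint, EntryPointError> {
    let (name, target) = spec.split_once('=').ok_or(EntryPointError::Malformed)?;
    let (module, function) = target.split_once(':').ok_or(EntryPointError::Malformed)?;
    let name = validate_entry_point_name(name)?;
    let module = module.trim();
    let function = function.trim();
    if module.is_empty() || function.is_empty() {
        return Err(EntryPointError::Malformed);
    }
    Ok(EntryPoint {
        name: name.to_owned(),
        module: module.to_owned(),
        function: function.to_owned(),
    })
}

/// Compute where the launcher script would be written and confirm, as a
/// second line of defence, that the result still lies under the prefix.
pub fn entry_point_target(prefix: &Path, raw_name: &str) -> Result<PathBuf, EntryPointError> {
    let name = validate_entry_point_name(raw_name)?;
    let target = prefix.join("bin").join(name);
    let escapes = !target.starts_with(prefix)
        || target.components().any(|c| matches!(c, Component::ParentDir));
    if escapes {
        return Err(EntryPointError::PathSeparator);
    }
    Ok(target)
}

fn main() {
    // Constructed specs: one benign, two of the shapes the advisory warns about.
    for spec in ["pip = pip:main", "../../tmp/evil = evil:main", "C:evil = evil:main"] {
        println!("{spec:?} -> {:?}", parse_entry_point(spec));
    }
}
```

The containment check in `entry_point_target` is deliberately redundant with the name validation: if a future code path ever joins an unvalidated string, the `starts_with` and `ParentDir` test still refuses to write outside the prefix.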

Affected

  • Repository: https://github.com/conda/rattler
  • Commit: a0e61a33da8b9d6de712fab2a879fa9da977e6e3 (HEAD at audit time, 2026-05-13 release)
  • Downstream consumers reached through the same code path: prefix-dev/pixi @ e640477
  • pixi 0.69.0 and rattler-build 0.65.0 fix this issue

Researcher

Berkant Koc me@berkoc.com PGP: 0C588DFD76204987284213EA0AC529C41F8AA5D6

Database specific
{
    "cwe_ids": [
        "CWE-22",
        "CWE-73"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-01T14:15:31Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
}
References

Affected packages

Package: crates.io / rattler

Affected ranges
  • Type: SEMVER
  • Events
      • Introduced: 0 (unknown introduced version; all previous versions are affected)
      • Fixed: 0.43.2

Database specific
{
    "source": "https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/06/GHSA-q53q-5r4j-5729/GHSA-q53q-5r4j-5729.json"
}