Unsafe Dependency Resolution Affecting conda-forge-metadata package, versions [0,]
Threat Intelligence
Exploit Maturity
Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
Proof of Concept
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-CONDAFORGEMETADATA-9213478
- published5 Mar 2025
- disclosed4 Mar 2025
- creditomnigodz
Introduced: 4 Mar 2025
NewCVE-2025-27510 (opens in a new tab)Common Vulnerabilities and Exposures (CVE) are common identifiers for publicly known security vulnerabilities
Common Weakness Enumeration (CWE) is a category system for software weaknesses
Amendment
This issue was found to be a duplicate.
The original vulnerability with details can be found [here](https://security.snyk.io/vuln/due to an unclaimed optional dependency. The package specifies an optional dependency on conda-oci-mirror, which is neither present on the PyPi repository nor registered by any entity. This oversight allows an attacker to publish a malicious package with the same name.).