PT-2022-11758 · Anaconda3 · Anaconda3

Published: 2022-05-13 · Updated: 2024-02-14 · CVE-2021-42969

CVSS v2.0

9.3 (High)

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Anaconda3 version 2021.05

Description

The issue concerns OS command injection. When a user installs Anaconda, an attacker can create a new file and write something in usercustomize.py. This allows the execution of commands when the user opens the terminal or activates Anaconda.

Recommendations

For Anaconda3 version 2021.05, consider restricting access to the usercustomize.py file to prevent unauthorized modifications until a patch is available. As a temporary workaround, avoid using the usercustomize.py file for customizations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
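One way to check the access restriction recommended above, as an added example that is not part of the advisory or of Anaconda's own code: it lists every directory where Python's `site` module would pick up `usercustomize.py` and reports a present file, a foreign owner, or write access for other accounts. The function names are hypothetical, and POSIX ownership and mode bits are assumed (Windows ACLs are not inspected).

```python
import os
import site
import stat
import sys

TARGET = "usercustomize.py"  # file named in the advisory


def candidate_dirs():
    """Directories searched when the site module imports usercustomize."""
    dirs = list(sys.path)
    user_site = site.getusersitepackages()
    if user_site not in dirs:
        dirs.append(user_site)
    # Skip the empty entry (current directory) and zip archives.
    return [d for d in dirs if d and os.path.isdir(d)]


def audit_dir(directory, uid=None):
    """Return findings for one directory (assumption: POSIX mode bits)."""
    uid = os.getuid() if uid is None else uid
    loose = stat.S_IWGRP | stat.S_IWOTH
    findings = []
    path = os.path.join(directory, TARGET)
    if os.path.lexists(path):
        st = os.lstat(path)
        findings.append(f"present: {path}")
        if st.st_uid != uid:
            findings.append(f"foreign-owner: {path} (uid {st.st_uid})")
        if stat.S_ISLNK(st.st_mode):
            # Mode bits of a symlink say nothing about its target.
            findings.append(f"symlink: {path}")
        elif st.st_mode & loose:
            findings.append(f"writable-by-others: {path}")
    # A group/world-writable directory lets another account create the file.
    dir_mode = os.stat(directory).st_mode
    if dir_mode & loose and not dir_mode & stat.S_ISVTX:
        findings.append(f"dir-writable-by-others: {directory}")
    return findings


if __name__ == "__main__":
    for d in candidate_dirs():
        for finding in audit_dir(d):
            print(finding)
```

Run it with the interpreter of the Anaconda installation being checked, so that `sys.path` reflects that environment.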

Exploit

RCE

OS Command Injection

Weakness Enumeration

Related Identifiers

BIT-MINICONDA-2021-42969
CVE-2021-42969

Affected Products

Anaconda3