CVE 2021-42969: anyone fixing?

I’m new to the community so I’m not sure what to expect in terms of people being aware of developer activity. But I’m hoping to get some information about whether this is even considered a bug and whether it will get fixed.

You can look up the “vulnerability” on any CVE database. I’m pretty sure it’s a bug but I’m not sure it’s a vulnerability. Essentially, on Mac or Linux systems, if someone creates a “userconfig.py” file in the site.getusersitepackages() directory, the output of the code will get executed by your shell when the base environment is activated.

Because it’s listed in a CVE database with a high risk score, my infosec folks are cranky.
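
An added example, not part of the original post and not Anaconda's code: an audit of the user site-packages directory for startup-hook files, reporting who owns them and whether other accounts can write to them. The function names and the `HOOK_NAMES` list are assumptions made for this example; `userconfig.py` is the name given in the post, and `usercustomize.py` is added because Python's `site` module imports a module of that name from this directory.

```python
import site
import stat
from pathlib import Path

# File names to look for. "userconfig.py" is the name given in the post above;
# "usercustomize.py" is the module Python's site module imports from the user
# site-packages directory (added here as an assumption about what to audit).
HOOK_NAMES = ("userconfig.py", "usercustomize.py")


def _describe(path):
    """Return owner uid, octal mode and whether group/other can write."""
    st = path.stat()
    return {
        "path": str(path),
        "owner_uid": st.st_uid,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "writable_by_others": bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)),
    }


def audit_user_site(user_site=None, hook_names=HOOK_NAMES):
    """Report startup-hook files found in the user site-packages directory."""
    user_site = Path(user_site or site.getusersitepackages())
    report = {
        "user_site": str(user_site),
        "user_site_enabled": bool(site.ENABLE_USER_SITE),
        "directory": None,
        "hooks": [],
    }
    if not user_site.is_dir():
        return report  # nothing can be imported from a missing directory
    report["directory"] = _describe(user_site)
    for name in hook_names:
        candidate = user_site / name
        if candidate.is_file():
            report["hooks"].append(_describe(candidate))
    return report


if __name__ == "__main__":
    result = audit_user_site()
    print(result["user_site"], "enabled:", result["user_site_enabled"])
    print("directory:", result["directory"])
    for hook in result["hooks"]:
        print("FOUND", hook)
```

Run it with the interpreter from the environment being assessed. Starting Python with `-s` or with `PYTHONNOUSERSITE` set keeps the user site-packages directory off `sys.path`, which is one way to compare behaviour with and without it.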

Hello ejon,

Thank you for bringing this problem to our attention.

Can you please fill out a support request on our forum for this issue?
That way our engineering team can take a look at this issue and we can triage it.

Thank you!

Thanks. I have submitted a support request. I labelled it as “high” priority because I am afraid that I may be required to remove access to Anaconda for my users if I can’t address it.