Vulnerable Library - python-3.11.0-he550d4f_1_cpython.conda
General purpose programming language
Library home page: https://api.anaconda.org/download/conda-forge/python/3.11.0/linux-64/python-3.11.0-he550d4f_1_cpython.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/python-3.11.0-he550d4f_1_cpython.conda
Found in HEAD commit: 87a13d860d4a829b6ba08600703e5d866e1b44d4
Vulnerabilities
| Vulnerability |
Severity |
 CVSS |
Dependency |
Type |
Fixed in (python version) |
Remediation Possible** |
| CVE-2026-1502 |
 Medium |
4.5 |
python-3.11.0-he550d4f_1_cpython.conda |
Direct |
N/A |
❌ |
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2026-1502
Vulnerable Library - python-3.11.0-he550d4f_1_cpython.conda
General purpose programming language
Library home page: https://api.anaconda.org/download/conda-forge/python/3.11.0/linux-64/python-3.11.0-he550d4f_1_cpython.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/python-3.11.0-he550d4f_1_cpython.conda
Dependency Hierarchy:
- ❌ python-3.11.0-he550d4f_1_cpython.conda (Vulnerable Library)
Found in HEAD commit: 87a13d860d4a829b6ba08600703e5d866e1b44d4
Found in base branch: main
Vulnerability Details
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Publish Date: 2026-04-10
URL: CVE-2026-1502
CVSS 3 Score Details (4.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.
Step up your Open Source Security Game with Mend here
General purpose programming language
Library home page: https://api.anaconda.org/download/conda-forge/python/3.11.0/linux-64/python-3.11.0-he550d4f_1_cpython.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/python-3.11.0-he550d4f_1_cpython.conda
Found in HEAD commit: 87a13d860d4a829b6ba08600703e5d866e1b44d4
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
Vulnerable Library - python-3.11.0-he550d4f_1_cpython.conda
General purpose programming language
Library home page: https://api.anaconda.org/download/conda-forge/python/3.11.0/linux-64/python-3.11.0-he550d4f_1_cpython.conda
Path to dependency file: /environment.yml
Path to vulnerable library: /home/wss-scanner/miniconda3/pkgs/python-3.11.0-he550d4f_1_cpython.conda
Dependency Hierarchy:
Found in HEAD commit: 87a13d860d4a829b6ba08600703e5d866e1b44d4
Found in base branch: main
Vulnerability Details
CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.
Publish Date: 2026-04-10
URL: CVE-2026-1502
CVSS 3 Score Details (4.5)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: Required
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: None
- Integrity Impact: High
- Availability Impact: None
For more information on CVSS3 Scores, click here.Step up your Open Source Security Game with Mend here