CWE-1357: Reliance on Insufficiently Trustworthy Component
Overview
CWE-1357 (Reliance on Insufficiently Trustworthy Component) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.
Description
The product is built from multiple separate components, but it uses a component that is not sufficiently trusted to meet expectations for security, reliability, updateability, and maintainability.
Applicable platforms
Kind
Name
Class
Prevalence
OS / CPE
architecture
—
Not Architecture-Specific
Undetermined
—
technology
—
Not Technology-Specific
Undetermined
—
technology
—
ICS/OT
Undetermined
—
Related CVEs in this database
These CVEs are mapped to this weakness in this database and kept for traceability and search.
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacke…