Rattler vulnerable to package cache path traversal via conda package build string
rattler_cache and py-rattler were vulnerable to package-cache path traversal when handling package metadata from conda channels. During cache materialization, the ratter_cache code used the package record build string as part of a cache key that was joined into a filesystem path. A malicious or untrusted channel could publish repodata with path separators or traversal components in that field, causing package contents to be written outside the configured package cache directory. …