Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Accepted

Permalink CVE-2025-0502

updated 1 year, 2 months ago by @Erethon Activity log

Created automatic suggestion 1 year, 2 months ago
@Erethon accepted 1 year, 2 months ago

Transmission of Private Resources into a New Sphere in Crafter Engine

Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6.

References

https://craftercms.com/docs/current/security/advisory.html#cv-2025011501

Affected products

Engine

<4.0.8
<4.1.6

Matching in nixpkgs

pkgs.haskellPackages.Control-Engine

A parallel producer/consumer engine (thread pool)

nixos-unstable 1.1.0.1
- nixpkgs-unstable 1.1.0.1
- nixos-unstable-small 1.1.0.1

pkgs.perl538Packages.XMLXPathEngine

Re-usable XPath engine for DOM-like trees

nixos-unstable 0.14
- nixpkgs-unstable 0.14
- nixos-unstable-small 0.14

pkgs.perl540Packages.XMLXPathEngine

Re-usable XPath engine for DOM-like trees

nixos-unstable 0.14
- nixpkgs-unstable 0.14
- nixos-unstable-small 0.14

pkgs.perl538Packages.ZonemasterEngine

Tool to check the quality of a DNS zone

nixos-unstable 4.6.1
- nixpkgs-unstable 4.6.1
- nixos-unstable-small 4.6.1

pkgs.perl540Packages.ZonemasterEngine

Tool to check the quality of a DNS zone

nixos-unstable 4.6.1
- nixpkgs-unstable 4.6.1
- nixos-unstable-small 4.6.1