Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-3155

updated 9 months, 4 weeks ago by @LeSuisse Activity log

Created automatic suggestion 10 months ago
@LeSuisse dismissed 9 months, 4 weeks ago

Yelp: arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

Affected products

yelp

*
<42.2-8

yelp-xsl

Matching in nixpkgs

pkgs.yelp

Help viewer in Gnome

nixos-unstable 42.2
- nixpkgs-unstable 42.2
- nixos-unstable-small 42.2

pkgs.yelp-xsl

Yelp's universal stylesheets for Mallard and DocBook

nixos-unstable 42.1
- nixpkgs-unstable 42.1
- nixos-unstable-small 42.1

pkgs.yelp-tools

Small programs that help you create, edit, manage, and publish your Mallard or DocBook documentation

nixos-unstable 42.1
- nixpkgs-unstable 42.1
- nixos-unstable-small 42.1

Package maintainers