Nixpkgs security tracker

Untriaged

Permalink CVE-2025-32291

10.0 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 10 months, 1 week ago

WordPress SUMO Affiliates Pro <= 10.7.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in FantasticPlugins SUMO Affiliates Pro allows Using Malicious Files. This issue affects SUMO Affiliates Pro: from n/a through 10.7.0.

References

https://patchstack.com/database/wordpress/plugin/affs/vulnerability/wordpress-s… vdb-entry

Affected products

affs

=<10.7.0

Matching in nixpkgs

pkgs.unyaffs

Tool to extract files from a YAFFS2 file system image

nixos-unstable 0.9
- nixpkgs-unstable 0.9
- nixos-unstable-small 0.9

pkgs.yaffshiv

Simple YAFFS file system parser and extractor

nixos-unstable 0-unstable-2024-08-30
- nixpkgs-unstable 0-unstable-2024-08-30
- nixos-unstable-small 0-unstable-2024-08-30

Package maintainers