Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2026-1062
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
created 3 months ago
xiweicheng TMS HtmlUtil.java summary server-side request forgery

A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Affected products

TMS
  • ==2.26
  • ==2.27
  • ==2.8
  • ==2.16
  • ==2.1
  • ==2.7
  • ==2.9
  • ==2.21
  • ==2.15
  • ==2.13
  • ==2.12
  • ==2.11
  • ==2.3
  • ==2.0
  • ==2.2
  • ==2.10
  • ==2.4
  • ==2.23
  • ==2.17
  • ==2.6
  • ==2.18
  • ==2.19
  • ==2.14
  • ==2.20
  • ==2.25
  • ==2.22
  • ==2.24
  • ==2.5
  • ==2.28.0

Matching in nixpkgs

pkgs.commitmsgfmt

Formats commit messages better than fmt(1) and Vim

Package maintainers