Nixpkgs security tracker

Untriaged

Permalink CVE-2025-68505

8.8 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 3 weeks ago

WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through <= 1.16.1.

References

Affected products

h5p

=<<= 1.16.1

Matching in nixpkgs

pkgs.python312Packages.h5py

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0

pkgs.python313Packages.h5py

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0

pkgs.tests.fetchpatch.simple

None

nixos-25.11 h5pv0p3j20qc
- nixpkgs-25.11-darwin h5pv0p3j20qc

pkgs.python312Packages.h5py-mpi

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0

pkgs.python313Packages.h5py-mpi

Pythonic interface to the HDF5 binary data format

nixos-unstable h5py-3.13.0
- nixpkgs-unstable h5py-3.13.0
- nixos-unstable-small h5py-3.13.0
nixos-25.11 h5py-3.14.0
- nixpkgs-25.11-darwin h5py-3.14.0