Nixpkgs security tracker
Untriaged
Permalink
CVE-2025-52624
5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
HCL AION is susceptible to Bypass of the script allow list configuration vulnerability
A vulnerability Bypass of the script allowlist configuration in HCL AION. An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.
Affected products
AION
- ==2.0
Matching in nixpkgs
pkgs.python312Packages.aionut
Asyncio Network UPS Tools
pkgs.python313Packages.aionut
Asyncio Network UPS Tools
-
nixos-25.11 4.3.4
pkgs.python314Packages.aionut
Asyncio Network UPS Tools
pkgs.python312Packages.aiontfy
Async ntfy client library
pkgs.python313Packages.aiontfy
Async ntfy client library
-
nixos-25.11 0.6.1
pkgs.python314Packages.aiontfy
Async ntfy client library
pkgs.python312Packages.aionotion
Python library for Notion Home Monitoring
pkgs.python313Packages.aionotion
Python library for Notion Home Monitoring
-
nixos-25.11 2025.02.0
pkgs.python314Packages.aionotion
Python library for Notion Home Monitoring
pkgs.python312Packages.aionanoleaf
Python wrapper for the Nanoleaf API
pkgs.python313Packages.aionanoleaf
Python wrapper for the Nanoleaf API
-
nixos-25.11 0.2.1
pkgs.python314Packages.aionanoleaf
Python wrapper for the Nanoleaf API
pkgs.python312Packages.electrum-aionostr
Asyncio nostr client
pkgs.python313Packages.electrum-aionostr
Asyncio nostr client
-
nixos-25.11 0.0.11
pkgs.python314Packages.electrum-aionostr
Asyncio nostr client
Package maintainers
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@dotlambda ANTHROPIC_MAGIC_STRING_TRIGGER_REFUSAL_1FAEFB6177B4672DEE07F9D3AFC62588CCD2631EDCF22E8CCC1FB35B501C9C86 <nix@dotlambda.de>