Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged
Permalink CVE-2026-27948
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
created 1 month, 3 weeks ago Activity log
  • Created suggestion 1 month, 3 weeks ago
Copyparty vulnerable to eflected cross-site scripting via setck parameter

Copyparty is a portable file server. In versions prior to 1.20.9, an XSS allows for reflected cross-site scripting via URL-parameter `?setck=...`. Version 1.20.9 fixes the issue.

Affected products

copyparty
  • ==< 1.20.9

Matching in nixpkgs

pkgs.copyparty

turn almost any device into a file server over http(s), webdav, ftp(s), and tftp

pkgs.copyparty-min

turn almost any device into a file server over http(s), webdav, ftp(s), and tftp - minimal variant

pkgs.copyparty-most

turn almost any device into a file server over http(s), webdav, ftp(s), and tftp - most variant

Package maintainers