Nixpkgs security tracker
6.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Hono: SSE Control Field Injection via CR/LF in writeSSE()
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, when using streamSSE() in Streaming Helper, the event, id, and retry fields were not validated for carriage return (\r) or newline (\n) characters. Because the SSE protocol uses line breaks as field delimiters, this could allow injection of additional SSE fields within the same event frame if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
References
-
https://github.com/honojs/hono/security/advisories/GHSA-p6xx-57qc-3wxr x_refsource_CONFIRM
Affected products
- ==< 4.12.4
Matching in nixpkgs
pkgs.libsForQt5.phonon
Multimedia API for Qt
pkgs.kdePackages.phonon
Multi-platform sound framework for application developers
pkgs.kdePackages.phonon-vlc
VLC backend for the Phonon multimedia library
pkgs.plasma5Packages.phonon
Multimedia API for Qt
pkgs.typstPackages.phonokit
A toolkit to create phonological representations
pkgs.python312Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.python313Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.python314Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.typstPackages.phonokit_0_0_1
Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories
pkgs.typstPackages.phonokit_0_2_0
Create phonological representations
pkgs.typstPackages.phonokit_0_3_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_5
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_6
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_7
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_0
A toolkit to create phonological representations
pkgs.libsForQt5.phonon-backend-vlc
GStreamer backend for Phonon
pkgs.python312Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
pkgs.python313Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
pkgs.python314Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
pkgs.plasma5Packages.phonon-backend-vlc
GStreamer backend for Phonon
pkgs.libsForQt5.phonon-backend-gstreamer
GStreamer backend for Phonon
Package maintainers
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@K900 Ilya K. <me@0upti.me>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@PsyanticY Psyanticy <iuns@outlook.fr>
-
@CHN-beta Haonan Chen <chn@chn.moe>
-
@cherrypiejam Gongqi Huang
-
@RossSmyth Ross Smyth