Nixpkgs security tracker
5.4 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): REQUIRED
- Scope (S): UNCHANGED
- Confidentiality impact (C): LOW
- Integrity impact (I): LOW
- Availability impact (A): NONE
Hono: Cookie Attribute Injection via Unsanitized domain and path in setCookie()
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4.
References
-
https://github.com/honojs/hono/security/advisories/GHSA-5pq2-9x2x-5p6w x_refsource_CONFIRM
Affected products
- ==< 4.12.4
Matching in nixpkgs
pkgs.libsForQt5.phonon
Multimedia API for Qt
pkgs.kdePackages.phonon
Multi-platform sound framework for application developers
pkgs.kdePackages.phonon-vlc
VLC backend for the Phonon multimedia library
pkgs.plasma5Packages.phonon
Multimedia API for Qt
pkgs.typstPackages.phonokit
A toolkit to create phonological representations
pkgs.python312Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.python313Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.python314Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.typstPackages.phonokit_0_0_1
Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories
pkgs.typstPackages.phonokit_0_2_0
Create phonological representations
pkgs.typstPackages.phonokit_0_3_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_5
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_6
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_7
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_0
A toolkit to create phonological representations
pkgs.libsForQt5.phonon-backend-vlc
GStreamer backend for Phonon
pkgs.python312Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
pkgs.python313Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
pkgs.python314Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
pkgs.plasma5Packages.phonon-backend-vlc
GStreamer backend for Phonon
pkgs.libsForQt5.phonon-backend-gstreamer
GStreamer backend for Phonon
Package maintainers
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@K900 Ilya K. <me@0upti.me>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@PsyanticY Psyanticy <iuns@outlook.fr>
-
@CHN-beta Haonan Chen <chn@chn.moe>
-
@cherrypiejam Gongqi Huang
-
@RossSmyth Ross Smyth