Nixpkgs security tracker
Hono has a path traversal in toSSG() allows writing files outside the output directory
Hono is a Web application framework that provides support for any JavaScript runtime. Prior to 4.12.12, a path traversal issue in toSSG() allows files to be written outside the configured output directory during static site generation. When using dynamic route parameters via ssgParams, specially crafted values can cause generated file paths to escape the intended output directory. This vulnerability is fixed in 4.12.12.
References
-
https://github.com/honojs/hono/security/advisories/GHSA-xf4j-xp2r-rqqx x_refsource_CONFIRM
-
https://github.com/honojs/hono/releases/tag/v4.12.12 x_refsource_MISC
Affected products
- ==< 4.12.12
Matching in nixpkgs
pkgs.libsForQt5.phonon
Multimedia API for Qt
pkgs.kdePackages.phonon
Multi-platform sound framework for application developers
pkgs.kdePackages.phonon-vlc
VLC backend for the Phonon multimedia library
pkgs.plasma5Packages.phonon
Multimedia API for Qt
pkgs.typstPackages.phonokit
A toolkit to create phonological representations
pkgs.python312Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.python313Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.python314Packages.phonopy
Modulefor phonon calculations at harmonic and quasi-harmonic levels
pkgs.typstPackages.phonokit_0_0_1
Phonology toolkit: IPA transcription (tipa-style), prosodic structures, vowel/consonant charts with language inventories
pkgs.typstPackages.phonokit_0_2_0
Create phonological representations
pkgs.typstPackages.phonokit_0_3_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_5
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_6
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_3_7
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_1
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_5
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_4_6
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_0
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_1
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_2
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_3
A toolkit to create phonological representations
pkgs.typstPackages.phonokit_0_5_4
A toolkit to create phonological representations
pkgs.libsForQt5.phonon-backend-vlc
GStreamer backend for Phonon
pkgs.python312Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
pkgs.python313Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
pkgs.python314Packages.pythonocc-core
Python wrapper for the OpenCASCADE 3D modeling kernel
-
nixos-unstable 7.9.0-unstable-2025-12-31
- nixpkgs-unstable 7.9.0-unstable-2025-12-31
- nixos-unstable-small 7.9.0-unstable-2025-12-31
pkgs.plasma5Packages.phonon-backend-vlc
GStreamer backend for Phonon
pkgs.libsForQt5.phonon-backend-gstreamer
GStreamer backend for Phonon
Package maintainers
-
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
-
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
-
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
-
@K900 Ilya K. <me@0upti.me>
-
@mjm Matt Moriarity <matt@mattmoriarity.com>
-
@NickCao Nick Cao <nickcao@nichi.co>
-
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
-
@PsyanticY Psyanticy <iuns@outlook.fr>
-
@CHN-beta Haonan Chen <chn@chn.moe>
-
@cherrypiejam Gongqi Huang
-
@RossSmyth Ross Smyth