Nixpkgs security tracker
Untriaged
Zammad has a server-side template injection leading to RCE via AI Agent
Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1, a server-side template injection vulnerability which leads to RCE via AI Agent exists. Impact is limited to environments where an attacker can control or influence type_enrichment_data (typically high-privilege administrative configuration). This vulnerability is fixed in 7.0.1.
References
-
https://github.com/zammad/zammad/security/advisories/GHSA-fg9w-jg8f-4j94 x_refsource_CONFIRM
Affected products
zammad
- ==>= 7.0.0, < 7.0.1
Matching in nixpkgs
pkgs.zammad
Zammad, a web-based, open source user support/ticketing solution
pkgs.python312Packages.zammad-py
Python API client for accessing zammad REST API
pkgs.python313Packages.zammad-py
Python API client for accessing zammad REST API
pkgs.python314Packages.zammad-py
Python API client for accessing zammad REST API
Package maintainers
-
@Radvendii Taeer Bar-Yam <taeer@necsi.edu>
-
@NetaliDev Jennifer Graul <me@netali.de>
-
@mweinelt Martin Weinelt <hexa@darmstadt.ccc.de>