Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: haskellPackages.distributed-process-client-server

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-23528

created 3 months ago

Dask distributed Vulnerable to Remote Code Execution via Jupyter Proxy and Dashboard

Dask distributed is a distributed task scheduler for Dask. Prior to 2026.1.0, when Jupyter Lab, jupyter-server-proxy, and Dask distributed are all run together, it is possible to craft a URL which will result in code being executed by Jupyter due to a cross-side-scripting (XSS) bug in the Dask dashboard. It is possible for attackers to craft a phishing URL that assumes Jupyter Lab and Dask may be running on localhost and using default ports. If a user clicks on the malicious link it will open an error page in the Dask Dashboard via the Jupyter Lab proxy which will cause code to be executed by the default Jupyter Python kernel. This vulnerability is fixed in 2026.1.0.

References

https://github.com/dask/distributed/security/advisories/GHSA-c336-7962-wfj2 x_refsource_CONFIRM
https://github.com/dask/distributed/commit/ab72092a8a938923c2bb51a2cd14ca26614827fa x_refsource_MISC

Affected products

distributed

==< 2026.1.0

Matching in nixpkgs

pkgs.github-distributed-owners

Generate GitHub CODEOWNERS files from OWNERS files distributed through the file tree

nixos-unstable 0.1.11
- nixpkgs-unstable 0.1.11
- nixos-unstable-small 0.1.11
nixos-25.11 0.1.11
- nixpkgs-25.11-darwin 0.1.11

pkgs.python312Packages.distributed

Distributed computation in Python

nixos-unstable 2025.3.0
- nixpkgs-unstable 2025.3.0
- nixos-unstable-small 2025.3.0
nixos-25.11 2025.11.0
- nixpkgs-25.11-darwin 2025.11.0

pkgs.python313Packages.distributed

Distributed computation in Python

nixos-unstable 2025.3.0
- nixpkgs-unstable 2025.3.0
- nixos-unstable-small 2025.3.0
nixos-25.11 2025.11.0
- nixpkgs-25.11-darwin 2025.11.0

pkgs.haskellPackages.distributed-fork

Like 'forkIO', but uses remote machines instead of local threads

nixos-unstable 0.0.1.3
- nixpkgs-unstable 0.0.1.3
- nixos-unstable-small 0.0.1.3
nixos-25.11 0.0.1.3
- nixpkgs-25.11-darwin 0.0.1.3

pkgs.haskellPackages.aivika-distributed

Parallel distributed discrete event simulation module for the Aivika library

nixos-unstable 1.5.1
- nixpkgs-unstable 1.5.1
- nixos-unstable-small 1.5.1
nixos-25.11 1.5.1
- nixpkgs-25.11-darwin 1.5.1

pkgs.haskellPackages.distributed-static

Compositional, type-safe, polymorphic static values and closures

nixos-unstable 0.3.11
- nixpkgs-unstable 0.3.11
- nixos-unstable-small 0.3.11
nixos-25.11 0.3.11
- nixpkgs-25.11-darwin 0.3.11

pkgs.haskellPackages.distributed-closure

Serializable closures for distributed programming

nixos-unstable 0.5.0.0
- nixpkgs-unstable 0.5.0.0
- nixos-unstable-small 0.5.0.0
nixos-25.11 0.5.0.0
- nixpkgs-25.11-darwin 0.5.0.0

pkgs.haskellPackages.distributed-process

Cloud Haskell: Erlang-style concurrency in Haskell

nixos-unstable 0.7.8
- nixpkgs-unstable 0.7.8
- nixos-unstable-small 0.7.8
nixos-25.11 0.7.8
- nixpkgs-25.11-darwin 0.7.8

pkgs.haskellPackages.powerqueue-distributed

A distributed worker backend for powerqueu

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0
nixos-25.11 0.1.0.0
- nixpkgs-25.11-darwin 0.1.0.0

pkgs.haskellPackages.distributed-process-ekg

Collect node stats for EKG

nixos-unstable 0.1.1.0
- nixpkgs-unstable 0.1.1.0
- nixos-unstable-small 0.1.1.0
nixos-25.11 0.1.1.0
- nixpkgs-25.11-darwin 0.1.1.0

pkgs.haskellPackages.distributed-process-async

Cloud Haskell Async API

nixos-unstable 0.2.11
- nixpkgs-unstable 0.2.11
- nixos-unstable-small 0.2.11
nixos-25.11 0.2.11
- nixpkgs-25.11-darwin 0.2.11

pkgs.haskellPackages.distributed-process-tests

Tests and test support tools for distributed-process

nixos-unstable 0.5.2
- nixpkgs-unstable 0.5.2
- nixos-unstable-small 0.5.2
nixos-25.11 0.5.2
- nixpkgs-25.11-darwin 0.5.2

pkgs.haskellPackages.distributed-process-extras

Cloud Haskell Extras

nixos-unstable 0.3.9
- nixpkgs-unstable 0.3.9
- nixos-unstable-small 0.3.9
nixos-25.11 0.3.9
- nixpkgs-25.11-darwin 0.3.9

pkgs.haskellPackages.distributed-process-systest

Cloud Haskell Test Support

nixos-unstable 0.4.2
- nixpkgs-unstable 0.4.2
- nixos-unstable-small 0.4.2
nixos-25.11 0.4.2
- nixpkgs-25.11-darwin 0.4.2

pkgs.haskellPackages.distributed-process-execution

Execution Framework for The Cloud Haskell Application Platform

nixos-unstable 0.1.5.0
- nixpkgs-unstable 0.1.5.0
- nixos-unstable-small 0.1.5.0
nixos-25.11 0.1.5.0
- nixpkgs-25.11-darwin 0.1.5.0

pkgs.haskellPackages.distributed-process-supervisor

Supervisors for The Cloud Haskell Application Platform

nixos-unstable 0.2.4
- nixpkgs-unstable 0.2.4
- nixos-unstable-small 0.2.4
nixos-25.11 0.2.4
- nixpkgs-25.11-darwin 0.2.4

pkgs.haskellPackages.distributed-process-client-server

The Cloud Haskell Application Platform

nixos-unstable 0.2.8.0
- nixpkgs-unstable 0.2.8.0
- nixos-unstable-small 0.2.8.0
nixos-25.11 0.2.8.0
- nixpkgs-25.11-darwin 0.2.8.0

pkgs.haskellPackages.distributed-process-monad-control

Orphan instances for MonadBase and MonadBaseControl

nixos-unstable 0.5.1.3
- nixpkgs-unstable 0.5.1.3
- nixos-unstable-small 0.5.1.3
nixos-25.11 0.5.1.3
- nixpkgs-25.11-darwin 0.5.1.3

Package maintainers

@cameroncuttingedge Cameron Byte <buckets-taxiway5l@icloud.com>
@teh Tom Hunger <tehunger@gmail.com>

1