Known affected by Account Takeover via Password Reset Token Leakage
Known is a social publishing platform. Versions 1.6.2 and earlier contain a Critical Broken Authentication vulnerability: the application leaks the password reset token in a hidden HTML input field on the password reset page. An unauthenticated attacker can therefore retrieve the reset token for any user simply by submitting that user's email address, leading to full Account Takeover (ATO) without access to the victim's email inbox. This vulnerability is fixed in 1.6.3.
References
- https://github.com/idno/known/security/advisories/GHSA-78wq-6gcv-w28r (x_refsource_CONFIRM)
- https://github.com/idno/known/releases/tag/1.6.3 (x_refsource_MISC)
Affected products
- < 1.6.3
Matching in nixpkgs
pkgs.nim
Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)
pkgs.nnd
Debugger for Linux
- nixos-unstable x86_64-unknown-linux-musl-0.38
- nixpkgs-unstable x86_64-unknown-linux-musl-0.69
- nixos-unstable-small x86_64-unknown-linux-musl-0.69
- nixos-25.11 x86_64-unknown-linux-musl-0.59
- nixos-25.11-small x86_64-unknown-linux-musl-0.59
- nixpkgs-25.11-darwin x86_64-unknown-linux-musl-0.59
pkgs.nim1
Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)
pkgs.nim2
Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)
pkgs.nim-1_0
Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)
pkgs.nim-2_0
Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)
pkgs.nim-2_2
Statically typed, imperative programming language (aarch64-unknown-linux-gnu wrapper)
pkgs.lixStatic
Powerful package manager that makes package management reliable and reproducible
- nixos-unstable x86_64-unknown-linux-musl-2.91.3
- nixpkgs-unstable x86_64-unknown-linux-musl-2.94.0
- nixos-unstable-small x86_64-unknown-linux-musl-2.94.0
- nixos-25.11 x86_64-unknown-linux-musl-2.93.3
- nixos-25.11-small x86_64-unknown-linux-musl-2.93.3
- nixpkgs-25.11-darwin x86_64-unknown-linux-musl-2.93.3
pkgs.nixStatic
Powerful package manager that makes package management reliable and reproducible
- nixos-unstable x86_64-unknown-linux-musl-2.28.4
- nixpkgs-unstable x86_64-unknown-linux-musl-2.31.3
- nixos-unstable-small x86_64-unknown-linux-musl-2.31.3
- nixos-25.11 x86_64-unknown-linux-musl-2.31.2
- nixos-25.11-small x86_64-unknown-linux-musl-2.31.2
- nixpkgs-25.11-darwin x86_64-unknown-linux-musl-2.31.2
pkgs.haskellPackages.ssh-known-hosts
Read and interpret the SSH known-hosts file
Package maintainers
- @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>
- @lf- Jade Lovelace
- @Qyriad Qyriad <qyriad@qyriad.me>
- @9999years Rebecca Turner <rbt@fastmail.com>
- @alois31 Alois Wohlschlager <alois1@gmx-topmail.de>
- @Eveeifyeve Eveeifyeve <eveeg1971@gmail.com>
- @ehmry Emery Hemingway <ehmry@posteo.net>
- @Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
- @edolstra Eelco Dolstra <edolstra+nixpkgs@gmail.com>
- @Mic92 Jörg Thalheim <joerg@thalheim.io>
- @roberth Robert Hensing <nixpkgs@roberthensing.nl>
- @Artturin Artturi N <artturin@artturin.com>
- @tomberek Thomas Bereknyei <tomberek@gmail.com>
- @lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
- @Sinjin2300 Sinjin
- @eclairevoyant éclairevoyant
- @daylinmorgan Daylin Morgan <daylinmorgan@gmail.com>