Nixpkgs security tracker

Untriaged

Permalink CVE-2023-4136

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year, 2 months ago

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Crafter Engine

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27.

References

Affected products

Engine

=<3.1.27
=<4.0.2

Matching in nixpkgs

pkgs.haskellPackages.Control-Engine

A parallel producer/consumer engine (thread pool)

nixos-unstable 1.1.0.1
- nixpkgs-unstable 1.1.0.1
- nixos-unstable-small 1.1.0.1

pkgs.perl538Packages.XMLXPathEngine

Re-usable XPath engine for DOM-like trees

nixos-unstable 0.14
- nixpkgs-unstable 0.14
- nixos-unstable-small 0.14

pkgs.perl540Packages.XMLXPathEngine

Re-usable XPath engine for DOM-like trees

nixos-unstable 0.14
- nixpkgs-unstable 0.14
- nixos-unstable-small 0.14

pkgs.perl538Packages.ZonemasterEngine

Tool to check the quality of a DNS zone

nixos-unstable 4.6.1
- nixpkgs-unstable 4.6.1
- nixos-unstable-small 4.6.1

pkgs.perl540Packages.ZonemasterEngine

Tool to check the quality of a DNS zone

nixos-unstable 4.6.1
- nixpkgs-unstable 4.6.1
- nixos-unstable-small 4.6.1

Accepted

Permalink CVE-2025-0502

updated 1 year, 2 months ago by @Erethon Activity log

Created automatic suggestion 1 year, 2 months ago
@Erethon accepted 1 year, 2 months ago

Transmission of Private Resources into a New Sphere in Crafter Engine

Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6.

References

https://craftercms.com/docs/current/security/advisory.html#cv-2025011501

Affected products

Engine

<4.0.8
<4.1.6

Matching in nixpkgs

pkgs.haskellPackages.Control-Engine

A parallel producer/consumer engine (thread pool)

nixos-unstable 1.1.0.1
- nixpkgs-unstable 1.1.0.1
- nixos-unstable-small 1.1.0.1

pkgs.perl538Packages.XMLXPathEngine

Re-usable XPath engine for DOM-like trees

nixos-unstable 0.14
- nixpkgs-unstable 0.14
- nixos-unstable-small 0.14

pkgs.perl540Packages.XMLXPathEngine

Re-usable XPath engine for DOM-like trees

nixos-unstable 0.14
- nixpkgs-unstable 0.14
- nixos-unstable-small 0.14

pkgs.perl538Packages.ZonemasterEngine

Tool to check the quality of a DNS zone

nixos-unstable 4.6.1
- nixpkgs-unstable 4.6.1
- nixos-unstable-small 4.6.1

pkgs.perl540Packages.ZonemasterEngine

Tool to check the quality of a DNS zone

nixos-unstable 4.6.1
- nixpkgs-unstable 4.6.1
- nixos-unstable-small 4.6.1

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.Control-Engine

pkgs.perl538Packages.XMLXPathEngine

pkgs.perl540Packages.XMLXPathEngine

pkgs.perl538Packages.ZonemasterEngine

pkgs.perl540Packages.ZonemasterEngine

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.Control-Engine

pkgs.perl538Packages.XMLXPathEngine

pkgs.perl540Packages.XMLXPathEngine

pkgs.perl538Packages.ZonemasterEngine

pkgs.perl540Packages.ZonemasterEngine