3.5 LOW
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
Activity log
- Created suggestion
busy Callback app.js redirect
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the file source-code/busy-master/src/server/app.js of the component Callback Handler. Manipulating the argument state can lead to an open redirect. The attack can be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.
References
- Submit #753299 | busyorg busy <=2.5.5 Open Redirect (third-party-advisory)
- https://github.com/busyorg/busy/issues/2287 (issue-tracking)
Affected products
- ==2.5.3
- ==2.5.4
- ==2.5.1
- ==2.5.5
- ==2.5.0
- ==2.5.2
Matching in nixpkgs
pkgs.busybox
Tiny versions of common UNIX utilities in a single small executable
pkgs.gobusybox
Tools for compiling many Go commands into one binary to save space
- nixos-unstable 0.2.0-unstable-2024-03-05
- nixpkgs-unstable 0.2.0-unstable-2024-03-05
- nixos-unstable-small 0.2.0-unstable-2024-03-05
- nixos-25.11 0.2.0-unstable-2024-03-05
- nixos-25.11-small 0.2.0-unstable-2024-03-05
- nixpkgs-25.11-darwin 0.2.0-unstable-2024-03-05
pkgs.busybox-sandbox-shell
Tiny versions of common UNIX utilities in a single small executable
pkgs.python312Packages.busypie
Expressive busy wait for Python
pkgs.python313Packages.busypie
Expressive busy wait for Python
pkgs.python314Packages.busypie
Expressive busy wait for Python
pkgs.minimal-bootstrap.busybox-static
Tiny versions of common UNIX utilities in a single small executable
pkgs.python312Packages.busylight-core
Library for interacting programmatically with USB-connected LED lights
pkgs.python313Packages.busylight-core
Library for interacting programmatically with USB-connected LED lights
pkgs.python314Packages.busylight-core
Library for interacting programmatically with USB-connected LED lights
pkgs.python312Packages.busylight-for-humans
Control USB connected presence lights from multiple vendors via the command-line or web API
pkgs.python313Packages.busylight-for-humans
Control USB connected presence lights from multiple vendors via the command-line or web API
pkgs.python314Packages.busylight-for-humans
Control USB connected presence lights from multiple vendors via the command-line or web API
Package maintainers
- @TethysSvensson Tethys Svensson <freaken@freaken.dk>
- @alyssais Alyssa Ross <hi@alyssa.is>
- @katexochen Paul Meyer <katexochen0@gmail.com>
- @Conni2461 Simon Hauser <simon-hauser@outlook.com>
- @helsinki-Jo Joachim Ernst <joachim.ernst@helsinki-systems.de>
- @dasJ Janne Heß <janne@hess.ooo>
- @fabaff Fabian Affolter <mail@fabian-affolter.ch>
- @Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
- @06kellyjac Jack <hello+nixpkgs@j-k.io>
- @emilytrau Emily Trau <emily+nix@downunderctf.com>
- @alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>
- @siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
- @Artturin Artturi N <artturin@artturin.com>
- @Gskartwii Aleksi Hannula <ahannula4@gmail.com>
- @pyrox0 Pyrox <pyrox@pyrox.dev>