Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: python313Packages.devito

Found 1 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-29789

10.0 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 month, 1 week ago

Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification

Vito is a self-hosted web application that helps manage servers and deploy PHP applications into production servers. Prior to version 3.20.3, a missing authorization check in workflow site-creation actions allows an authenticated attacker with workflow write access in one project to create/manage sites on servers belonging to other projects by supplying a foreign server_id. This issue has been patched in version 3.20.3.

References

https://github.com/vitodeploy/vito/security/advisories/GHSA-3m6w-8qh4-qr76 x_refsource_CONFIRM
https://github.com/vitodeploy/vito/pull/1036 x_refsource_MISC
https://github.com/vitodeploy/vito/commit/0fdcfe5f0b93da644a0456e0e4544763828e3326 x_refsource_MISC
https://github.com/vitodeploy/vito/releases/tag/3.20.3 x_refsource_MISC

Affected products

vito

==< 3.20.3

Matching in nixpkgs

pkgs.ovito

Scientific visualization and analysis software for atomistic and particle simulation data

nixos-unstable 3.14.1
- nixpkgs-unstable 3.14.1
- nixos-unstable-small 3.14.1
nixos-25.11 3.14.1
- nixos-25.11-small 3.14.1
- nixpkgs-25.11-darwin 3.14.1

pkgs.nvitop

Interactive NVIDIA-GPU process viewer, the one-stop solution for GPU process management

nixos-unstable 1.6.2
- nixpkgs-unstable 1.6.2
- nixos-unstable-small 1.6.2
nixos-25.11 1.6.0
- nixos-25.11-small 1.6.0
- nixpkgs-25.11-darwin 1.6.0

pkgs.python312Packages.devito

Code generation framework for automated finite difference computation

nixos-25.11 4.8.19
- nixos-25.11-small 4.8.19
- nixpkgs-25.11-darwin 4.8.19

pkgs.python313Packages.devito

Code generation framework for automated finite difference computation

nixos-unstable 4.8.20
- nixpkgs-unstable 4.8.20
- nixos-unstable-small 4.8.20
nixos-25.11 4.8.19
- nixos-25.11-small 4.8.19
- nixpkgs-25.11-darwin 4.8.19

pkgs.python314Packages.devito

Code generation framework for automated finite difference computation

nixos-unstable 4.8.20
- nixpkgs-unstable 4.8.20
- nixos-unstable-small 4.8.20

Package maintainers

@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
@twhitehead Tyson Whitehead <twhitehead@gmail.com>
@CHN-beta Haonan Chen <chn@chn.moe>
@AtilaSaraiva Átila Saraiva <atilasaraiva@gmail.com>

1