Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

Untriaged

Filter by:

With package: xml-security-c

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-32600

8.2 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 month ago

xml-security is Missing AES-GCM Authentication Tag Validation on Encrypted Nodes Allows for Unauthorized Decryption

xml-security is a library that implements XML signatures and encryption. Prior to 2.3.1, XML nodes encrypted with either aes-128-gcm, aes-192-gcm, or aes-256-gcm lack validation of the authentication tag length. An attacker can use this to brute-force an authentication tag, recover the GHASH key, and decrypt the encrypted nodes. It also allows to forge arbitrary ciphertexts without knowing the encryption key. This vulnerability is fixed in 2.3.1.

References

https://github.com/simplesamlphp/xml-security/security/advisories/GHSA-r353-4845-pr5p x_refsource_CONFIRM
https://github.com/simplesamlphp/xml-security/commit/fdc12449e959c610943f9fd428e95e3832d74c25 x_refsource_MISC

Affected products

xml-security

==< 2.3.1

Matching in nixpkgs

pkgs.xml-security-c

C++ Implementation of W3C security standards for XML

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0
nixos-25.11 3.0.0
- nixos-25.11-small 3.0.0
- nixpkgs-25.11-darwin 3.0.0

Package maintainers

@jagajaga Arseniy Seroka <ars.seroka@gmail.com>

Permalink CVE-2024-12840

5.0 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 year, 3 months ago

Http proxies: satellite: service side request forgery in http proxies

A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner.

References

https://access.redhat.com/security/cve/CVE-2024-12840 vdb-entryx_refsource_REDHAT
RHBZ#2333494 x_refsource_REDHATissue-tracking

Affected products

security

Matching in nixpkgs

pkgs.job-security

Job control from anywhere

nixos-unstable 0-unstable-2024-04-07
- nixpkgs-unstable 0-unstable-2024-04-07
- nixos-unstable-small 0-unstable-2024-04-07

pkgs.libmodsecurity

ModSecurity v3 library component.

nixos-unstable 3.0.13
- nixpkgs-unstable 3.0.13
- nixos-unstable-small 3.0.13

pkgs.xml-security-c

C++ Implementation of W3C security standards for XML

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0

pkgs.modsecurity-crs

The OWASP ModSecurity Core Rule Set is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls.

nixos-unstable 3.3.4
- nixpkgs-unstable 3.3.4
- nixos-unstable-small 3.3.4

pkgs.modsecurity_standalone

Open source, cross-platform web application firewall (WAF)

nixos-unstable 2.9.7
- nixpkgs-unstable 2.9.7
- nixos-unstable-small 2.9.7

pkgs.haskellPackages.hackage-security

Hackage security library

nixos-unstable 0.6.2.4
- nixpkgs-unstable 0.6.2.4
- nixos-unstable-small 0.6.2.4

pkgs.python311Packages.flask-security

Quickly add security features to your Flask application

nixos-unstable 5.5.2
- nixpkgs-unstable 5.5.2
- nixos-unstable-small 5.5.2

pkgs.python312Packages.flask-security

Quickly add security features to your Flask application

nixos-unstable 5.5.2
- nixpkgs-unstable 5.5.2
- nixos-unstable-small 5.5.2

pkgs.python311Packages.securityreporter

Python wrapper for the Reporter API

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.python312Packages.securityreporter

Python wrapper for the Reporter API

nixos-unstable 1.2.0
- nixpkgs-unstable 1.2.0
- nixos-unstable-small 1.2.0

pkgs.haskellPackages.amazonka-securityhub

Amazon SecurityHub SDK

nixos-unstable 2.0
- nixpkgs-unstable 2.0
- nixos-unstable-small 2.0

pkgs.haskellPackages.amazonka-securitylake

Amazon Security Lake SDK

nixos-unstable 2.0
- nixpkgs-unstable 2.0
- nixos-unstable-small 2.0

pkgs.haskellPackages.hackage-security-HTTP

Hackage security bindings against the HTTP library

nixos-unstable 0.1.1.2
- nixpkgs-unstable 0.1.1.2
- nixos-unstable-small 0.1.1.2

pkgs.python311Packages.azure-mgmt-security

Microsoft Azure Security Center Management Client Library for Python

nixos-unstable 7.0.0
- nixpkgs-unstable 7.0.0
- nixos-unstable-small 7.0.0

pkgs.python312Packages.azure-mgmt-security

Microsoft Azure Security Center Management Client Library for Python

nixos-unstable 7.0.0
- nixpkgs-unstable 7.0.0
- nixos-unstable-small 7.0.0

pkgs.python311Packages.mypy-boto3-securityhub

Type annotations for boto3 securityhub

nixos-unstable boto3-securityhub-1.35.72
- nixpkgs-unstable boto3-securityhub-1.35.72
- nixos-unstable-small boto3-securityhub-1.35.72

pkgs.python312Packages.mypy-boto3-securityhub

Type annotations for boto3 securityhub

nixos-unstable boto3-securityhub-1.35.72
- nixpkgs-unstable boto3-securityhub-1.35.72
- nixos-unstable-small boto3-securityhub-1.35.72

pkgs.python311Packages.mypy-boto3-securitylake

Type annotations for boto3 securitylake

nixos-unstable boto3-securitylake-1.35.40
- nixpkgs-unstable boto3-securitylake-1.35.40
- nixos-unstable-small boto3-securitylake-1.35.40

pkgs.python312Packages.mypy-boto3-securitylake

Type annotations for boto3 securitylake

nixos-unstable boto3-securitylake-1.35.40
- nixpkgs-unstable boto3-securitylake-1.35.40
- nixos-unstable-small boto3-securitylake-1.35.40

pkgs.pantheon.switchboard-plug-security-privacy

Switchboard Security & Privacy Plug

nixos-unstable 8.0.0
- nixpkgs-unstable 8.0.0
- nixos-unstable-small 8.0.0

pkgs.python311Packages.google-cloud-securitycenter

Cloud Security Command Center API API client library

nixos-unstable 1.35.1
- nixpkgs-unstable 1.35.1
- nixos-unstable-small 1.35.1

pkgs.python312Packages.google-cloud-securitycenter

Cloud Security Command Center API API client library

nixos-unstable 1.35.1
- nixpkgs-unstable 1.35.1
- nixos-unstable-small 1.35.1

pkgs.azure-cli-extensions.hardware-security-modules

Microsoft Azure Command-Line Tools AzureDedicatedHSMResourceProvider Extension

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0

pkgs.python311Packages.mypy-boto3-codeguru-security

Type annotations for boto3 codeguru-security

nixos-unstable boto3-codeguru-security-1.35.0
- nixpkgs-unstable boto3-codeguru-security-1.35.0
- nixos-unstable-small boto3-codeguru-security-1.35.0

pkgs.python312Packages.mypy-boto3-codeguru-security

Type annotations for boto3 codeguru-security

nixos-unstable boto3-codeguru-security-1.35.0
- nixpkgs-unstable boto3-codeguru-security-1.35.0
- nixos-unstable-small boto3-codeguru-security-1.35.0

pkgs.python311Packages.types-aiobotocore-securityhub

Type annotations for aiobotocore securityhub

nixos-unstable 2.15.2
- nixpkgs-unstable 2.15.2
- nixos-unstable-small 2.15.2

pkgs.python312Packages.types-aiobotocore-securityhub

Type annotations for aiobotocore securityhub

nixos-unstable 2.15.2
- nixpkgs-unstable 2.15.2
- nixos-unstable-small 2.15.2

pkgs.python311Packages.types-aiobotocore-securitylake

Type annotations for aiobotocore securitylake

nixos-unstable 2.15.2
- nixpkgs-unstable 2.15.2
- nixos-unstable-small 2.15.2

pkgs.python312Packages.types-aiobotocore-securitylake

Type annotations for aiobotocore securitylake

nixos-unstable 2.15.2
- nixpkgs-unstable 2.15.2
- nixos-unstable-small 2.15.2

pkgs.python311Packages.google-cloud-websecurityscanner

Google Cloud Web Security Scanner API client library

nixos-unstable 1.15.1
- nixpkgs-unstable 1.15.1
- nixos-unstable-small 1.15.1

pkgs.python312Packages.google-cloud-websecurityscanner

Google Cloud Web Security Scanner API client library

nixos-unstable 1.15.1
- nixpkgs-unstable 1.15.1
- nixos-unstable-small 1.15.1

pkgs.python311Packages.types-aiobotocore-codeguru-security

Type annotations for aiobotocore codeguru-security

nixos-unstable 2.15.2
- nixpkgs-unstable 2.15.2
- nixos-unstable-small 2.15.2

pkgs.python312Packages.types-aiobotocore-codeguru-security

Type annotations for aiobotocore codeguru-security

nixos-unstable 2.15.2
- nixpkgs-unstable 2.15.2
- nixos-unstable-small 2.15.2

pkgs.gnomeExtensions.arch-linux-updates-and-security-indicator

Update indicator for Arch Linux and GNOME Shell.

nixos-unstable 2
- nixpkgs-unstable 2
- nixos-unstable-small 2

pkgs.python311Packages.microsoft-security-utilities-secret-masker

A tool for detecting and masking secrets

nixos-unstable 1.0.0b3
- nixpkgs-unstable 1.0.0b3
- nixos-unstable-small 1.0.0b3

pkgs.python312Packages.microsoft-security-utilities-secret-masker

A tool for detecting and masking secrets

nixos-unstable 1.0.0b3
- nixpkgs-unstable 1.0.0b3
- nixos-unstable-small 1.0.0b3

Package maintainers

@katexochen Paul Meyer <katexochen0@gmail.com>
@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
@honnip Jung seungwoo <me@honnip.page>
@fgaz Francesco Gazzetta <fgaz@fgaz.me>
@Izorkin Yurii Izorkin <Izorkin@gmail.com>
@offlinehacker Jaka Hudoklin <jaka@x-truder.net>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@davidak David Kleuker <post@davidak.de>
@gador Florian Brandes <florian.brandes@posteo.de>
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@jagajaga Arseniy Seroka <ars.seroka@gmail.com>

1