Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestions search

All statuses
Filter by:
With package: yelp-xsl

Found 1 matching suggestions

View:
Compact
Detailed
Dismissed
Permalink CVE-2025-3155
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 year ago by @LeSuisse Activity log
  • Created automatic suggestion 1 year ago
  • @LeSuisse dismissed 1 year ago
Yelp: arbitrary file read

A flaw was found in Yelp. The Gnome user help application allows the help document to execute arbitrary scripts. This vulnerability allows malicious users to input help documents, which may exfiltrate user files to an external environment.

References

Affected products

yelp
  • *
  • <42.2-8
yelp-xsl
  • *

Matching in nixpkgs

pkgs.yelp

Help viewer in Gnome

  • nixos-unstable 42.2
    • nixpkgs-unstable 42.2
    • nixos-unstable-small 42.2

pkgs.yelp-xsl

Yelp's universal stylesheets for Mallard and DocBook

  • nixos-unstable 42.1
    • nixpkgs-unstable 42.1
    • nixos-unstable-small 42.1

pkgs.yelp-tools

Small programs that help you create, edit, manage, and publish your Mallard or DocBook documentation

  • nixos-unstable 42.1
    • nixpkgs-unstable 42.1
    • nixos-unstable-small 42.1

Package maintainers