Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Automatically generated suggestions

to slate a suggestion for refinement.

to mark a suggestion as irrelevant and log the reason.

View:

Compact

Detailed

Permalink CVE-2025-28916

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year ago

WordPress Docpro plugin <= 2.0.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound Docpro allows PHP Local File Inclusion. This issue affects Docpro: from n/a through 2.0.1.

References

https://patchstack.com/database/wordpress/plugin/docpro/vulnerability/wordpress… vdb-entry

Affected products

docpro

=<2.0.1

Matching in nixpkgs

pkgs.python311Packages.jupyter-docprovider

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.python312Packages.jupyter-docprovider

JupyterLab/Jupyter Notebook 7+ extension integrating collaborative shared models

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

Package maintainers

@natsukium Tomoya Otabi <nixpkgs@natsukium.com>
@thomasjm Tom McLaughlin <tom@codedown.io>
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>

Permalink CVE-2025-28873

8.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): LOW

created 1 year ago

WordPress Shuffle plugin <= 0.5 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Shuffle allows Blind SQL Injection. This issue affects Shuffle: from n/a through 0.5.

References

https://patchstack.com/database/wordpress/plugin/shuffle/vulnerability/wordpres… vdb-entry

Affected products

shuffle

=<0.5

Matching in nixpkgs

pkgs.ashuffle

Automatic library-wide shuffle for mpd

nixos-unstable 3.14.8
- nixpkgs-unstable 3.14.8
- nixos-unstable-small 3.14.8

pkgs.linuxPackages.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.haskellPackages.pure-shuffle

None

nixos-unstable 0.1.1.1
- nixpkgs-unstable 0.1.1.1
- nixos-unstable-small 0.1.1.1

pkgs.linuxPackages_lqx.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_zen.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.haskellPackages.random-shuffle

Random shuffle implementation

nixos-unstable 0.0.4
- nixpkgs-unstable 0.0.4
- nixos-unstable-small 0.0.4

pkgs.linuxPackages-libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_latest.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_xanmod.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_6_1_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_latest-libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_6_11_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxPackages_xanmod_stable.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_1.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_6.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_12.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -

pkgs.linuxKernel.packages.linux_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_1_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_latest_libre.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

pkgs.linuxKernel.packages.linux_6_11_hardened.shufflecake

Plausible deniability (hidden storage) layer for Linux

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

Package maintainers

@tcbravo Tomas Bravo <tomas.bravo@protonmail.ch>
@oluceps oluceps <nixos@oluceps.uk>

Permalink CVE-2024-47516

9.8 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year ago

Pagure: argument injection in pagurerepo.log()

A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance.

References

https://access.redhat.com/security/cve/CVE-2024-47516 vdb-entryx_refsource_REDHAT
RHBZ#2315805 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-47516 vdb-entryx_refsource_REDHAT
RHBZ#2315805 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-47516 vdb-entryx_refsource_REDHAT
RHBZ#2315805 x_refsource_REDHATissue-tracking
https://access.redhat.com/security/cve/CVE-2024-47516 vdb-entryx_refsource_REDHAT
RHBZ#2315805 x_refsource_REDHATissue-tracking

Affected products

pagure

==5.14.1

Matching in nixpkgs

pkgs.haskellPackages.pagure

Pagure REST client library

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2

pkgs.haskellPackages.pagure-cli

Pagure client

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

Permalink CVE-2025-30595

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 year ago

WordPress include-file - <= <= 1 Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tstafford include-file allows Stored XSS. This issue affects include-file: from n/a through 1.

References

https://patchstack.com/database/wordpress/plugin/include-file/vulnerability/wor… vdb-entry

Affected products

include-file

=<1

Matching in nixpkgs

pkgs.haskellPackages.include-file

Inclusion of files in executables at compile-time

nixos-unstable 0.1.0.4
- nixpkgs-unstable 0.1.0.4
- nixos-unstable-small 0.1.0.4

Permalink CVE-2025-30617

4.3 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 year ago

WordPress Rewrite - <= <= 0.2.1 Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in takien Rewrite allows Cross Site Request Forgery. This issue affects Rewrite: from n/a through 0.2.1.

References

https://patchstack.com/database/wordpress/plugin/rewrite/vulnerability/wordpres… vdb-entry

Affected products

rewrite

=<0.2.1

Matching in nixpkgs

pkgs.rewritefs

A FUSE filesystem intended to be used like Apache mod_rewrite

nixos-unstable 2021-10-03
- nixpkgs-unstable 2021-10-03
- nixos-unstable-small 2021-10-03

pkgs.wipeout-rewrite

Re-implementation of the 1995 PSX game wipEout

nixos-unstable 0-unstable-2024-11-09
- nixpkgs-unstable 0-unstable-2024-11-09
- nixos-unstable-small 0-unstable-2024-11-09

pkgs.darwin.rewrite-tbd

Rewrite filepath in .tbd to Nix applicable format

nixos-unstable 2023-03-27
- nixpkgs-unstable 2023-03-27
- nixos-unstable-small 2023-03-27

pkgs.haskellPackages.rest-rewrite

Rewriting library with online termination checking

nixos-unstable 0.4.4
- nixpkgs-unstable 0.4.4
- nixos-unstable-small 0.4.4

pkgs.rubyPackages.cocoapods-git_url_rewriter

None

nixos-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.rubyPackages_3_1.cocoapods-git_url_rewriter

None

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.rubyPackages_3_2.cocoapods-git_url_rewriter

None

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.rubyPackages_3_3.cocoapods-git_url_rewriter

None

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

pkgs.rubyPackages_3_4.cocoapods-git_url_rewriter

None

nixos-unstable 1.0.1
- nixpkgs-unstable 1.0.1
- nixos-unstable-small 1.0.1

Package maintainers

@tbidne Thomas Bidne <tbidne@protonmail.com>
@rnhmjoj Michele Guerini Rocco <rnhmjoj@inventati.org>
@OPNA2608 Cosima Neidahl <opna2608@protonmail.com>

Permalink CVE-2025-30621

7.1 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): LOW

created 1 year ago

WordPress Translator plugin <= 0.3 - CSRF to Stored XSS vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in kornelly Translator allows Stored XSS. This issue affects Translator: from n/a through 0.3.

References

https://patchstack.com/database/wordpress/plugin/translator/vulnerability/wordp… vdb-entry

Affected products

translator

=<0.3

Matching in nixpkgs

pkgs.gtranslator

GNOME translation making program

nixos-unstable 47.1
- nixpkgs-unstable 47.1
- nixos-unstable-small 47.1

pkgs.deep-translator

Python tool to translate between different languages by using multiple translators

nixos-unstable 1.11.4
- nixpkgs-unstable 1.11.4
- nixos-unstable-small 1.11.4

pkgs.krunner-translator

Plugin for KRunner which integrates a translator, supports Google Translate, Bing Translator, youdao and Baidu Fanyi

nixos-unstable 1.5.0
- nixpkgs-unstable 1.5.0
- nixos-unstable-small 1.5.0

pkgs.python311Packages.deep-translator

Python tool to translate between different languages by using multiple translators

nixos-unstable 1.11.4
- nixpkgs-unstable 1.11.4
- nixos-unstable-small 1.11.4

pkgs.python312Packages.deep-translator

Python tool to translate between different languages by using multiple translators

nixos-unstable 1.11.4
- nixpkgs-unstable 1.11.4
- nixos-unstable-small 1.11.4

pkgs.azure-cli-extensions.cli-translator

Translate ARM template to executable Azure CLI scripts

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0

pkgs.python311Packages.aws-sam-translator

Python library to transform SAM templates into AWS CloudFormation templates

nixos-unstable 1.91.0
- nixpkgs-unstable 1.91.0
- nixos-unstable-small 1.91.0

pkgs.python312Packages.aws-sam-translator

Python library to transform SAM templates into AWS CloudFormation templates

nixos-unstable 1.91.0
- nixpkgs-unstable 1.91.0
- nixos-unstable-small 1.91.0

Package maintainers

@ulrikstrid Ulrik Strid <ulrik.strid@outlook.com>
@katexochen Paul Meyer <katexochen0@gmail.com>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@pongo1231 pongo1231 <pongo12310@gmail.com>

Permalink CVE-2024-41937

6.1 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality impact (C): LOW
Integrity impact (I): LOW
Availability impact (A): NONE

created 1 year ago

Apache Airflow: Stored XSS Vulnerability on provider link

Apache Airflow, versions before 2.10.0, have a vulnerability that allows the developer of a malicious provider to execute a cross-site scripting attack when clicking on a provider documentation link. This would require the provider to be installed on the web server and the user to click the provider link. Users should upgrade to 2.10.0 or later, which fixes this vulnerability.

References

Affected products

apache-airflow

<2.10.0

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

nixos-unstable 2.7.3
- nixpkgs-unstable 2.7.3
- nixos-unstable-small 2.7.3

Package maintainers

@ingenieroariel Ariel Nunez <ariel@nunez.co>
@gbpdt Graham Bennett <nix@pdtpartners.com>
@bhipple Benjamin Hipple <bhipple@protonmail.com>

Permalink CVE-2023-31346

6.0 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year ago

Failure to initialize memory in SEV Firmware may allow a …

Failure to initialize memory in SEV Firmware may allow a privileged attacker to access stale data from other guests.

References

https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 vendor-advisoryx_transferred
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 vendor-advisoryx_transferred
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 vendor-advisory
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-3007 vendor-advisoryx_transferred

Affected products

PI

==various

Matching in nixpkgs

pkgs.spoofdpi

Simple and fast anti-censorship tool written in Go

nixos-unstable 0.12.0
- nixpkgs-unstable 0.12.0
- nixos-unstable-small 0.12.0

pkgs.perl538Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

nixos-unstable 1.277
- nixpkgs-unstable 1.277
- nixos-unstable-small 1.277

pkgs.perl540Packages.PPI

Parse, Analyze and Manipulate Perl (without perl)

nixos-unstable 1.277
- nixpkgs-unstable 1.277
- nixos-unstable-small 1.277

pkgs.haskellPackages.hsPID

PID control loop

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2

pkgs.spirv-llvm-translator

Tool and a library for bi-directional translation between SPIR-V and LLVM IR

nixos-unstable 18.1.0
- nixpkgs-unstable 18.1.0
- nixos-unstable-small 18.1.0

pkgs.perl538Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

nixos-unstable 0.28
- nixpkgs-unstable 0.28
- nixos-unstable-small 0.28

pkgs.perl540Packages.GSSAPI

Perl extension providing access to the GSSAPIv2 library

nixos-unstable 0.28
- nixpkgs-unstable 0.28
- nixos-unstable-small 0.28

pkgs.perl538Packages.PDFAPI2

Create, modify, and examine PDF files

nixos-unstable API2-2.045
- nixpkgs-unstable API2-2.045
- nixos-unstable-small API2-2.045

pkgs.perl540Packages.PDFAPI2

Create, modify, and examine PDF files

nixos-unstable API2-2.045
- nixpkgs-unstable API2-2.045
- nixos-unstable-small API2-2.045

pkgs.haskellPackages.EdisonAPI

A library of efficient, purely-functional data structures (API)

nixos-unstable 1.3.3.1
- nixpkgs-unstable 1.3.3.1
- nixos-unstable-small 1.3.3.1

pkgs.perl538Packages.PPIxUtils

Utility functions for PPI

nixos-unstable 0.003
- nixpkgs-unstable 0.003
- nixos-unstable-small 0.003

pkgs.perl540Packages.PPIxUtils

Utility functions for PPI

nixos-unstable 0.003
- nixpkgs-unstable 0.003
- nixos-unstable-small 0.003

pkgs.perl538Packages.PPIxRegexp

Parse regular expressions

nixos-unstable 0.088
- nixpkgs-unstable 0.088
- nixos-unstable-small 0.088

pkgs.perl540Packages.PPIxRegexp

Parse regular expressions

nixos-unstable 0.088
- nixpkgs-unstable 0.088
- nixos-unstable-small 0.088

pkgs.perl538Packages.ProcPIDFile

Manage process id files

nixos-unstable 1.29
- nixpkgs-unstable 1.29
- nixos-unstable-small 1.29

pkgs.perl540Packages.ProcPIDFile

Manage process id files

nixos-unstable 1.29
- nixpkgs-unstable 1.29
- nixos-unstable-small 1.29

pkgs.perl538Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

nixos-unstable 0.21
- nixpkgs-unstable 0.21
- nixos-unstable-small 0.21

pkgs.perl540Packages.WWWTwilioAPI

Accessing Twilio's REST API with Perl

nixos-unstable 0.21
- nixpkgs-unstable 0.21
- nixos-unstable-small 0.21

pkgs.perl538Packages.OpenAPIClient

Client for talking to an Open API powered server

nixos-unstable 1.07
- nixpkgs-unstable 1.07
- nixos-unstable-small 1.07

pkgs.perl538Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

nixos-unstable 0.023
- nixpkgs-unstable 0.023
- nixos-unstable-small 0.023

pkgs.perl538Packages.PPIxUtilities

Extensions to PPI|PPI

nixos-unstable 1.001000
- nixpkgs-unstable 1.001000
- nixos-unstable-small 1.001000

pkgs.perl540Packages.OpenAPIClient

Client for talking to an Open API powered server

nixos-unstable 1.07
- nixpkgs-unstable 1.07
- nixos-unstable-small 1.07

pkgs.perl540Packages.PPIxQuoteLike

Parse Perl string literals and string-literal-like things

nixos-unstable 0.023
- nixpkgs-unstable 0.023
- nixos-unstable-small 0.023

pkgs.perl540Packages.PPIxUtilities

Extensions to PPI|PPI

nixos-unstable 1.001000
- nixpkgs-unstable 1.001000
- nixos-unstable-small 1.001000

pkgs.perl538Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

nixos-unstable 5.09
- nixpkgs-unstable 5.09
- nixos-unstable-small 5.09

pkgs.perl540Packages.MojoliciousPluginOpenAPI

OpenAPI / Swagger plugin for Mojolicious

nixos-unstable 5.09
- nixpkgs-unstable 5.09
- nixos-unstable-small 5.09

Package maintainers

@de11n Elliot Cameron <nixpkgs-commits@deshaw.com>
@invokes-su Souvik Sen <nixpkgs-commits@deshaw.com>
@stigtsp Stig Palmquist <stig@stig.io>
@gloaming Craig Hall <ch9871@gmail.com>
@s0me1newithhand7s hand7s <s0me1newithhand7s@gmail.com>

Permalink CVE-2024-25142

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 year ago

Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache Airflow: before 2.9.2. Users are recommended to upgrade to version 2.9.2, which fixes the issue.

References

https://github.com/apache/airflow/pull/39550 patch
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisory
https://github.com/apache/airflow/pull/39550 patchx_transferred
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2024/06/13/1
https://github.com/apache/airflow/pull/39550 patch
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisory
https://github.com/apache/airflow/pull/39550 patch
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisory
https://github.com/apache/airflow/pull/39550 patchx_transferred
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisoryx_transferred
https://github.com/apache/airflow/pull/39550 patch
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisory
https://github.com/apache/airflow/pull/39550 patchx_transferred
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2024/06/13/1
https://github.com/apache/airflow/pull/39550 patch
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisory
https://github.com/apache/airflow/pull/39550 patchx_transferred
https://lists.apache.org/thread/cg1j28lk0fhzthk0of1g7vy7p2n1j7nr vendor-advisoryx_transferred
http://www.openwall.com/lists/oss-security/2024/06/13/1

Affected products

apache-airflow

<2.9.2

Matching in nixpkgs

pkgs.apache-airflow

Programmatically author, schedule and monitor data pipelines

nixos-unstable 2.7.3
- nixpkgs-unstable 2.7.3
- nixos-unstable-small 2.7.3

Package maintainers

@ingenieroariel Ariel Nunez <ariel@nunez.co>
@gbpdt Graham Bennett <nix@pdtpartners.com>
@bhipple Benjamin Hipple <bhipple@protonmail.com>

Permalink CVE-2022-28656

5.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): LOW
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 1 year ago

is_closing_session() allows users to consume RAM in the Apport process

is_closing_session() allows users to consume RAM in the Apport process

References

https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-trackingx_transferred
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-tracking
https://ubuntu.com/security/notices/USN-5427-1 vendor-advisoryx_transferred
https://www.cve.org/CVERecord?id=CVE-2022-28656 issue-trackingx_transferred

Affected products

apport

<2.21.0

Matching in nixpkgs

pkgs.haskellPackages.apportionment

Round a set of numbers while maintaining its sum

nixos-unstable 0.0.0.4
- nixpkgs-unstable 0.0.0.4
- nixos-unstable-small 0.0.0.4

Package maintainers

@thielema Henning Thielemann <nix@henning-thielemann.de>

1
2
…
377
378
379
380
381
382
383
…
400
401