NIXPKGS-2026-0059
published on 20 Jan 2026
CVE-2025-68616
updated 2 days, 13 hours ago by @LeSuisse

Activity log
- Created automatic suggestion (2 days, 19 hours ago)
- @LeSuisse removed 2 packages: python312Packages.django-weasyprint, python313Packages.django-weasyprint (2 days, 13 hours ago)
- @LeSuisse accepted as draft (2 days, 13 hours ago)
- @LeSuisse published on GitHub (2 days, 13 hours ago)

WeasyPrint Vulnerable to Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect

WeasyPrint helps web developers to create PDF documents. Prior to version 68.0, a server-side request forgery (SSRF) protection bypass exists in WeasyPrint's `default_url_fetcher`. The vulnerability allows attackers to access internal network resources (such as `localhost` services or cloud metadata endpoints) even when a developer has implemented a custom `url_fetcher` to block such access. This occurs because the underlying `urllib` library follows HTTP redirects automatically without re-validating the new destination against the developer's security policy. Version 68.0 contains a patch for the issue.

Affected products
- WeasyPrint ==< 68.0

Matching in nixpkgs

pkgs.python312Packages.weasyprint (Converts web documents to PDF)
- nixos-unstable: 66.0
- nixpkgs-unstable: 66.0
- nixos-unstable-small: 66.0
- nixos-25.05: 65.1
- nixos-25.05-small: 65.1
- nixpkgs-25.05-darwin: 65.1

pkgs.python313Packages.weasyprint (Converts web documents to PDF)
- nixos-unstable: 66.0
- nixpkgs-unstable: 66.0
- nixos-unstable-small: 66.0
- nixos-25.05: 65.1
- nixos-25.05-small: 65.1
- nixpkgs-25.05-darwin: 65.1

Package maintainers: 3
- @wolfgangwalther Wolfgang Walther <walther@technowledgy.de>
- @DutchGerman Stefan Visser <stefan.visser@apm-ecampus.de>
- @hoh Hugo Herter <git@hugoherter.com>
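The redirect behaviour described in the advisory can be closed at the `urllib` layer by re-running the destination policy on every hop. The following is an added example, not WeasyPrint's patch or code from this advisory; `is_allowed`, `ValidatingRedirectHandler` and `safe_fetch` are hypothetical names, the policy (http/https only, public addresses only) is an assumption, and the sample URLs are constructed.

```python
import ipaddress
import socket
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def is_allowed(url):
    """Hypothetical policy: http(s) only, every resolved address public."""
    try:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            return False
        infos = socket.getaddrinfo(parts.hostname, parts.port or 0)
        addrs = [ipaddress.ip_address(i[4][0].split("%")[0]) for i in infos]
    except (OSError, ValueError):
        return False  # unresolvable or malformed: fail closed
    return bool(addrs) and all(a.is_global for a in addrs)


class ValidatingRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Apply the same policy to every redirect hop, not just the first URL."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not is_allowed(newurl):
            raise urllib.error.HTTPError(
                newurl, code, "redirect target blocked by policy", headers, fp)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def safe_fetch(url, timeout=10):
    """Fetch url; the initial URL and each Location target must pass is_allowed."""
    if not is_allowed(url):
        raise ValueError(f"blocked by policy: {url}")
    opener = urllib.request.build_opener(ValidatingRedirectHandler)
    return opener.open(url, timeout=timeout)


if __name__ == "__main__":
    # Constructed sample URLs (IP literals, so no DNS lookup is needed).
    for u in ("http://93.184.216.34/logo.png", "http://127.0.0.1:8080/",
              "http://169.254.169.254/", "file:///etc/hostname"):
        print(u, "->", "allow" if is_allowed(u) else "block")
```

The policy check resolves the hostname separately from the connection `urllib` then makes, so it does not pin the address between check and connect.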