Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2025-0015

NIXPKGS-2025-0015
published on
Permalink CVE-2025-8396
updated 4 months, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 7 months, 3 weeks ago
  • @LeSuisse ignored
    14 packages
    • temporal-cli
    • python312Packages.temporalio
    • python313Packages.temporalio
    • haskellPackages.temporal-media
    • terraform-providers.temporalcloud
    • postgresqlPackages.temporal_tables
    • postgresql13Packages.temporal_tables
    • postgresql14Packages.temporal_tables
    • postgresql15Packages.temporal_tables
    • postgresql16Packages.temporal_tables
    • postgresql18Packages.temporal_tables
    • haskellPackages.temporal-music-notation
    • haskellPackages.temporal-music-notation-demo
    • haskellPackages.temporal-music-notation-western
    6 months, 2 weeks ago
  • @LeSuisse accepted 6 months, 2 weeks ago
  • @LeSuisse published on GitHub 4 months, 3 weeks ago
Insufficiently specific bounds checking on authorization header could lead to …

Insufficiently specific bounds checking on authorization header could lead to denial of service in the Temporal server on all platforms due to excessive memory allocation.This issue affects all platforms and versions of OSS Server prior to 1.26.3, 1.27.3, and 1.28.1 (i.e., fixed in 1.26.3, 1.27.3, and 1.28.1 and later). Temporal Cloud services are not impacted.

Affected products

temporal
  • <1.27.3
  • <1.26.3
  • <1.28.1

Matching in nixpkgs

pkgs.temporal

Microservice orchestration platform which enables developers to build scalable applications without sacrificing productivity or reliability

  • nixos-unstable -
Ignored packages (14)

pkgs.temporal-cli

Command-line interface for running Temporal Server and interacting with Workflows, Activities, Namespaces, and other parts of Temporal

  • nixos-unstable -

Package maintainers