Nixpkgs Security Tracker

Suggestion detail

Dismissed
CVE-2026-1062
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 2 months ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    2 packages
    • tmsu
    • commitmsgfmt
  • @LeSuisse dismissed
xiweicheng TMS HtmlUtil.java summary server-side request forgery

A flaw has been found in xiweicheng TMS up to 2.28.0. It affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. Manipulation of the argument url causes server-side request forgery. The attack can be initiated remotely. The exploit has been published and may be used.

Affected products

TMS
  • ==2.11
  • ==2.12
  • ==2.9
  • ==2.18
  • ==2.22
  • ==2.5
  • ==2.25
  • ==2.10
  • ==2.6
  • ==2.2
  • ==2.16
  • ==2.0
  • ==2.27
  • ==2.17
  • ==2.23
  • ==2.8
  • ==2.19
  • ==2.28.0
  • ==2.1
  • ==2.13
  • ==2.24
  • ==2.26
  • ==2.20
  • ==2.21
  • ==2.14
  • ==2.15
  • ==2.4
  • ==2.3
  • ==2.7
Impacted software is not present in nixpkgs