Dismissed
CVE-2026-1062
6.3 MEDIUM
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): Low (L)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): Low (L)
- Integrity (I): Low (L)
- Availability (A): Low (L)
- Exploit Code Maturity (E): Proof-of-Concept (P)
- Remediation Level (RL): Not Defined (X)
- Report Confidence (RC): Reasonable (R)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): Low (L)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): Low (L)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): Low (L)
by @LeSuisse
Activity log
- Created suggestion
- @LeSuisse ignored 2 packages
  - tmsu
  - commitmsgfmt
- @LeSuisse dismissed
xiweicheng TMS HtmlUtil.java summary server-side request forgery
A flaw has been found in xiweicheng TMS up to 2.28.0. This affects the function Summary of the file src/main/java/com/lhjz/portal/util/HtmlUtil.java. This manipulation of the argument url causes server-side request forgery. It is possible to initiate the attack remotely. The exploit has been published and may be used.
References
- VDB-341630 | xiweicheng TMS HtmlUtil.java summary server-side request forgery (vdb-entry, technical-description)
Affected products
TMS
- ==2.1
- ==2.12
- ==2.8
- ==2.28.0
- ==2.22
- ==2.23
- ==2.7
- ==2.5
- ==2.20
- ==2.19
- ==2.6
- ==2.0
- ==2.27
- ==2.14
- ==2.4
- ==2.15
- ==2.13
- ==2.18
- ==2.17
- ==2.11
- ==2.10
- ==2.21
- ==2.24
- ==2.16
- ==2.25
- ==2.3
- ==2.2
- ==2.26
- ==2.9
Ignored packages (2)
pkgs.tmsu
Tool for tagging your files using a virtual filesystem
- nixos-unstable 0.7.5-unstable-2024-06-08
- nixpkgs-unstable 0.7.5-unstable-2024-06-08
- nixos-unstable-small 0.7.5-unstable-2024-06-08
pkgs.commitmsgfmt
Formats commit messages better than fmt(1) and Vim