Nixpkgs Security Tracker

Dismissed

Permalink CVE-2026-1175

5.3 MEDIUM

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 2 months ago by @LeSuisse Activity log

Created automatic suggestion 2 months ago
@LeSuisse removed
45 packages
- mprime
- primecount
- primesieve
- prime-server
- courier-prime
- CuboCore.libcprime
- quartus-prime-lite
- rubyPackages.prime
- dolphin-emu-primehack
- haskellPackages.primes
- rubyPackages_3_1.prime
- rubyPackages_3_2.prime
- rubyPackages_3_3.prime
- rubyPackages_3_4.prime
- rubyPackages_3_5.prime
- haskellPackages.nth-prime
- python312Packages.msprime
- python312Packages.primepy
- python312Packages.primer3
- python313Packages.msprime
- python313Packages.primepy
- python313Packages.primer3
- haskellPackages.antiprimes
- haskellPackages.primecount
- haskellPackages.primesieve
- perlPackages.MathPrimeUtil
- akkuPackages.chibi-math-prime
- haskellPackages.prelude-prime
- perl538Packages.MathPrimeUtil
- perl540Packages.MathPrimeUtil
- perlPackages.MathPrimeUtilGMP
- perlPackages.MathProvablePrime
- python312Packages.primecountpy
- python313Packages.primecountpy
- haskellPackages.opentheory-prime
- perl538Packages.MathPrimeUtilGMP
- perl540Packages.MathPrimeUtilGMP
- rubyPackages.jekyll-theme-primer
- perl538Packages.MathProvablePrime
- perl540Packages.MathProvablePrime
- rubyPackages_3_1.jekyll-theme-primer
- rubyPackages_3_2.jekyll-theme-primer
- rubyPackages_3_3.jekyll-theme-primer
- rubyPackages_3_4.jekyll-theme-primer
- rubyPackages_3_5.jekyll-theme-primer
2 months ago
@LeSuisse dismissed 2 months ago

birkir prime GraphQL Directive graphql information exposure

A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

References

VDB-341769 | birkir prime GraphQL Directive graphql information exposure vdb-entry
VDB-341769 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
Submit #731106 | birkir prime <=0.4.0 GraphQL Directive Information Disclosure third-party-advisory
https://github.com/birkir/prime/issues/546 issue-tracking exploit
VDB-341769 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
Submit #731106 | birkir prime <=0.4.0 GraphQL Directive Information Disclosure third-party-advisory
https://github.com/birkir/prime/issues/546 issue-tracking exploit
VDB-341769 | birkir prime GraphQL Directive graphql information exposure vdb-entry
https://github.com/birkir/prime/issues/546 issue-tracking exploit
https://github.com/birkir/prime/ product
VDB-341769 | birkir prime GraphQL Directive graphql information exposure vdb-entry technical-description
VDB-341769 | CTI Indicators (IOB, IOC, TTP, IOA) signature permissions-required
Submit #731106 | birkir prime <=0.4.0 GraphQL Directive Information Disclosure third-party-advisory

Affected products

prime

==0.4.0.beta

Impacted software not present in nixpkgs

Suggestion detail

References

Affected products