Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2025-68662

created 2 weeks ago

FinalDestination hostname matching allows SSRF protection bypass

Discourse is an open source discussion platform. In versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0, a hostname validation issue in FinalDestination could allow bypassing SSRF protections under certain conditions. This issue is patched in versions 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0. No known workarounds are available.

Affected products

discourse

==< 3.5.4
==>= 2026.1.0-latest, < 2026.1.0
==>= 2025.12.0-latest, < 2025.12.1
==>= 2025.11.0-latest, < 2025.11.2

Matching in nixpkgs

pkgs.discourse

Discourse is an open source discussion platform

nixos-unstable 3.5.2
- nixpkgs-unstable 3.5.2
- nixos-unstable-small 3.5.2
nixos-25.05 3.4.7
- nixos-25.05-small 3.4.7
- nixpkgs-25.05-darwin 3.4.7

pkgs.discourseAllPlugins

Discourse is an open source discussion platform

nixos-unstable 3.5.2
- nixpkgs-unstable 3.5.2
- nixos-unstable-small 3.5.2
nixos-25.05 3.4.7
- nixos-25.05-small 3.4.7
- nixpkgs-25.05-darwin 3.4.7

pkgs.discourse-mail-receiver

Helper program which receives incoming mail for Discourse

nixos-unstable 4.1.0
- nixpkgs-unstable 4.1.0
- nixos-unstable-small 4.1.0
nixos-25.05 4.1.0
- nixos-25.05-small 4.1.0
- nixpkgs-25.05-darwin 4.1.0

pkgs.python312Packages.pydiscourse

Python library for working with Discourse

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0
nixos-25.05 1.7.0
- nixos-25.05-small 1.7.0
- nixpkgs-25.05-darwin 1.7.0

pkgs.python313Packages.pydiscourse

Python library for working with Discourse

nixos-unstable 1.7.0
- nixpkgs-unstable 1.7.0
- nixos-unstable-small 1.7.0
nixos-25.05 1.7.0
- nixos-25.05-small 1.7.0
- nixpkgs-25.05-darwin 1.7.0

pkgs.grafanaPlugins.grafana-discourse-datasource

Allows users to search and view topics, posts, users, tags, categories, and reports on a given Discourse forum through Grafana

nixos-unstable 2.0.2
- nixpkgs-unstable 2.0.2
- nixos-unstable-small 2.0.2

Package maintainers

@talyz Kim Lindberger <kim.lindberger@gmail.com>
@Dettorer Paul Hervot <paul.hervot@dettorer.net>
@nagisa Simonas Kazlauskas <nixpkgs@kazlauskas.me>