Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-52631

3.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 1 month, 2 weeks ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 2 weeks ago
@jopejoe1 removed
15 packages
- python312Packages.aionut
- python313Packages.aionut
- python314Packages.aionut
- python312Packages.aiontfy
- python313Packages.aiontfy
- python314Packages.aiontfy
- python312Packages.aionotion
- python313Packages.aionotion
- python314Packages.aionotion
- python312Packages.aionanoleaf
- python313Packages.aionanoleaf
- python314Packages.aionanoleaf
- python312Packages.electrum-aionostr
- python313Packages.electrum-aionostr
- python314Packages.electrum-aionostr
1 month, 2 weeks ago
@jopejoe1 dismissed 1 month, 2 weeks ago

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability.

HCL AION is affected by a Missing or Insecure HTTP Strict-Transport-Security (HSTS) Header vulnerability. This can allow insecure connections, potentially exposing the application to man-in-the-middle and protocol downgrade attacks.. This issue affects AION: 2.0.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

Affected products

AION

==2.0

Not present in nixpkgs

Suggestion detail

References

Affected products