Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2025-52624
5.4 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): NONE
updated 1 month, 2 weeks ago by @jopejoe1 Activity log
  • Created automatic suggestion 1 month, 2 weeks ago
  • @jopejoe1 removed
    15 packages
    • python312Packages.aionut
    • python313Packages.aionut
    • python314Packages.aionut
    • python312Packages.aiontfy
    • python313Packages.aiontfy
    • python314Packages.aiontfy
    • python312Packages.aionotion
    • python313Packages.aionotion
    • python314Packages.aionotion
    • python312Packages.aionanoleaf
    • python313Packages.aionanoleaf
    • python314Packages.aionanoleaf
    • python312Packages.electrum-aionostr
    • python313Packages.electrum-aionostr
    • python314Packages.electrum-aionostr
    1 month, 2 weeks ago
  • @jopejoe1 dismissed 1 month, 2 weeks ago
HCL AION is susceptible to Bypass of the script allow list configuration vulnerability

A vulnerability  Bypass of the script allowlist configuration in HCL AION.  An incorrectly configured Content-Security-Policy header may allow unauthorized scripts to execute, increasing the risk of cross-site scripting and other injection-based attacks.This issue affects AION: 2.0.

References

Affected products

AION
  • ==2.0 
Not present in nixpkgs