Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2024-56156
updated 4 months, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 4 months, 2 weeks ago
  • @LeSuisse ignored
    14 packages
    • eschalot
    • python312Packages.halo
    • python313Packages.halo
    • python314Packages.halo
    • typstPackages.whalogen
    • python312Packages.halohome
    • python313Packages.halohome
    • python314Packages.halohome
    • typstPackages.whalogen_0_1_0
    • typstPackages.whalogen_0_2_0
    • typstPackages.whalogen_0_3_0
    • python312Packages.django-cachalot
    • python313Packages.django-cachalot
    • python314Packages.django-cachalot
    4 months, 2 weeks ago
  • @LeSuisse dismissed 4 months, 2 weeks ago
Halo Vulnerable to Stored XSS and RCE via File Upload Bypass

Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.

Affected products

halo
  • ==< 2.20.13

Matching in nixpkgs

pkgs.halo

Self-hosted dynamic blogging program

Ignored packages (14)

Package maintainers

Current stable branch was never impacted.

https://github.com/NixOS/nixpkgs/pull/370594
https://github.com/NixOS/nixpkgs/pull/371151