Nixpkgs Security Tracker

Dismissed

Permalink CVE-2025-52629

3.7 LOW

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): HIGH
Privileges required (PR): LOW
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): LOW
Integrity impact (I): NONE
Availability impact (A): LOW

updated 1 month, 2 weeks ago by @jopejoe1 Activity log

Created automatic suggestion 1 month, 2 weeks ago
@jopejoe1 removed
15 packages
- python312Packages.aionut
- python313Packages.aionut
- python314Packages.aionut
- python312Packages.aiontfy
- python313Packages.aiontfy
- python314Packages.aiontfy
- python312Packages.aionotion
- python313Packages.aionotion
- python314Packages.aionotion
- python312Packages.aionanoleaf
- python313Packages.aionanoleaf
- python314Packages.aionanoleaf
- python312Packages.electrum-aionostr
- python313Packages.electrum-aionostr
- python314Packages.electrum-aionostr
1 month, 2 weeks ago
@jopejoe1 dismissed 1 month, 2 weeks ago

HCL AION is susceptible to Missing Content-Security-Policy

HCL AION is susceptible to Missing Content-Security-Policy. An The absence of a CSP header may increase the risk of cross-site scripting and other content injection attacks by allowing unsafe scripts or resources to execute..This issue affects AION: 2.0.

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0127972

Affected products

AION

==2.0

Not present in nixpkgs

Suggestion detail

References

Affected products