Nixpkgs security tracker

Dismissed

Permalink CVE-2025-64712

9.8 CRITICAL

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): High (H)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): High (H)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

updated 4 months, 2 weeks ago by @LeSuisse Activity log

Created suggestion 4 months, 2 weeks ago
@LeSuisse ignored
13 packages
- unstructured-api
- pkgsRocm.unstructured-api
- python312Packages.unstructured-client
- python313Packages.unstructured-client
- python314Packages.unstructured-client
- python312Packages.unstructured-api-tools
- python312Packages.unstructured-inference
- python313Packages.unstructured-api-tools
- python313Packages.unstructured-inference
- python314Packages.unstructured-api-tools
- python314Packages.unstructured-inference
- pkgsRocm.python3Packages.unstructured-inference
- tests.devShellTools.unstructuredDerivationInputEnv
4 months, 2 weeks ago
@LeSuisse dismissed 4 months, 2 weeks ago

Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.

References

https://github.com/Unstructured-IO/unstructured/security/advisories/GHSA-gm8q-m8mv-jj5m x_refsource_CONFIRM
https://github.com/Unstructured-IO/unstructured/commit/b01d35b2373fd087d2e15162b9c021663c97155d x_refsource_MISC

Affected products

unstructured

==< 0.18.18

Matching in nixpkgs

pkgs.python312Packages.unstructured

None

pkgs.python313Packages.unstructured

Open source libraries and APIs to build custom preprocessing pipelines for labeling, training, or production machine learning pipelines

nixos-unstable 0.18.27
- nixpkgs-unstable 0.18.27
- nixos-unstable-small 0.18.27

pkgs.python314Packages.unstructured

Open source libraries and APIs to build custom preprocessing pipelines for labeling, training, or production machine learning pipelines

nixos-unstable 0.18.27
- nixpkgs-unstable 0.18.27
- nixos-unstable-small 0.18.27

Ignored packages (13)

pkgs.unstructured-api

Open-source toolkit designed to make it easy to prepare unstructured data like PDFs, HTML and Word Documents for downstream data science tasks

nixos-unstable 0.0.92
- nixpkgs-unstable 0.0.92
- nixos-unstable-small 0.0.92

pkgs.pkgsRocm.unstructured-api

Open-source toolkit designed to make it easy to prepare unstructured data like PDFs, HTML and Word Documents for downstream data science tasks

nixos-unstable 0.0.92
- nixpkgs-unstable 0.0.92
- nixos-unstable-small 0.0.92

pkgs.python312Packages.unstructured-client

None

pkgs.python313Packages.unstructured-client

Python Client SDK for Unstructured API

nixos-unstable 0.42.9
- nixpkgs-unstable 0.42.9
- nixos-unstable-small 0.42.9

pkgs.python314Packages.unstructured-client

Python Client SDK for Unstructured API

nixos-unstable 0.42.9
- nixpkgs-unstable 0.42.9
- nixos-unstable-small 0.42.9

nixos-unstable 0.10.11
- nixpkgs-unstable 0.10.11
- nixos-unstable-small 0.10.11

pkgs.python313Packages.unstructured-inference

Hosted model inference code for layout parsing models

nixos-unstable 1.1.4
- nixpkgs-unstable 1.1.4
- nixos-unstable-small 1.1.4

pkgs.python314Packages.unstructured-api-tools

None

nixos-unstable 0.10.11
- nixpkgs-unstable 0.10.11
- nixos-unstable-small 0.10.11

pkgs.python314Packages.unstructured-inference

Hosted model inference code for layout parsing models

nixos-unstable 1.1.4
- nixpkgs-unstable 1.1.4
- nixos-unstable-small 1.1.4

pkgs.pkgsRocm.python3Packages.unstructured-inference

Hosted model inference code for layout parsing models

nixos-unstable 1.1.4
- nixpkgs-unstable 1.1.4
- nixos-unstable-small 1.1.4

pkgs.tests.devShellTools.unstructuredDerivationInputEnv

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

Package maintainers

@happysalada Raphael Megzari <raphael@megzari.com>

Stable has never impacted (https://github.com/NixOS/nixpkgs/commit/af717cae2e2a3a0f01dd0fccf2bc2f2537f118cc)

Nixpkgs security tracker

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.python312Packages.unstructured

pkgs.python313Packages.unstructured

pkgs.python314Packages.unstructured

pkgs.unstructured-api

pkgs.pkgsRocm.unstructured-api

pkgs.python312Packages.unstructured-client

pkgs.python313Packages.unstructured-client

pkgs.python314Packages.unstructured-client

pkgs.python312Packages.unstructured-api-tools

pkgs.python312Packages.unstructured-inference

pkgs.python313Packages.unstructured-api-tools

pkgs.python313Packages.unstructured-inference

pkgs.python314Packages.unstructured-api-tools

pkgs.python314Packages.unstructured-inference

pkgs.pkgsRocm.python3Packages.unstructured-inference

pkgs.tests.devShellTools.unstructuredDerivationInputEnv

Package maintainers