Nixpkgs security tracker
NIXPKGS-2026-0334
GitHub issue
published on
Permalink
CVE-2026-27190
8.1 HIGH
- CVSS version (CVSS): 3.1
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): High (H)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): High (H)
- Availability (A): High (H)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): High (H)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): High (H)
- Modified Availability (MA): High (H)
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
14 packages
- speech-denoiser
- openimagedenoise
- terraform-providers.deno
- python312Packages.denonavr
- python313Packages.denonavr
- haskellPackages.pandoc-sidenote
- terraform-providers.denoland_deno
- gnomeExtensions.denon-avr-controler
- python312Packages.bnunicodenormalizer
- python313Packages.bnunicodenormalizer
- python314Packages.bnunicodenormalizer
- vscode-extensions.denoland.vscode-deno
- home-assistant-component-tests.denonavr
- tests.home-assistant-component-tests.denonavr
- @LeSuisse accepted
- @LeSuisse published on GitHub
Deno has a Command Injection via Incomplete shell metacharacter blocklist in node:child_process
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Prior to 2.6.8, a command injection vulnerability exists in Deno's node:child_process implementation. This vulnerability is fixed in 2.6.8.
References
-
https://github.com/denoland/deno/security/advisories/GHSA-hmh4-3xvx-q5hr x_refsource_CONFIRM
-
https://github.com/denoland/deno/releases/tag/v2.6.8 x_refsource_MISC
Affected products
deno
- ==< 2.6.8
Matching in nixpkgs
Ignored packages (14)
pkgs.speech-denoiser
Speech denoise lv2 plugin based on RNNoise library
-
nixos-unstable 0-unstable-2018-10-08
- nixpkgs-unstable 0-unstable-2018-10-08
- nixos-unstable-small 0-unstable-2018-10-08
-
nixos-25.11 0-unstable-2018-10-08
- nixos-25.11-small 0-unstable-2018-10-08
- nixpkgs-25.11-darwin 0-unstable-2018-10-08
pkgs.openimagedenoise
High-Performance Denoising Library for Ray Tracing
pkgs.terraform-providers.deno
None
pkgs.python312Packages.denonavr
Automation Library for Denon AVR receivers
pkgs.python313Packages.denonavr
Automation Library for Denon AVR receivers
pkgs.haskellPackages.pandoc-sidenote
Convert Pandoc Markdown-style footnotes into sidenotes
pkgs.terraform-providers.denoland_deno
None
pkgs.gnomeExtensions.denon-avr-controler
Denon AVR controler
pkgs.python312Packages.bnunicodenormalizer
Bangla Unicode Normalization Toolkit
pkgs.python313Packages.bnunicodenormalizer
Bangla Unicode Normalization Toolkit
pkgs.python314Packages.bnunicodenormalizer
Bangla Unicode Normalization Toolkit
pkgs.vscode-extensions.denoland.vscode-deno
Language server client for Deno
pkgs.home-assistant-component-tests.denonavr
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-component-tests.denonavr
Open source home automation that puts local control and privacy first
Package maintainers
-
@ofalvai Olivér Falvai <ofalvai@gmail.com>
-
@06kellyjac Jack <hello+nixpkgs@j-k.io>