Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-2947
3.5 LOW
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 1 month ago by @mweinelt Activity log
  • Created automatic suggestion 1 month ago
  • @LeSuisse removed package tests.home-assistant-component-tests.ecoforest 1 month ago
  • @mweinelt removed
    17 packages
    • everforest-cursors
    • everforest-gtk-theme
    • haskellPackages.dirforest
    • haskellPackages.data-forest
    • python312Packages.pyecoforest
    • python313Packages.pyecoforest
    • python314Packages.pyecoforest
    • haskellPackages.ForestStructures
    • python312Packages.quantile-forest
    • python313Packages.quantile-forest
    • python314Packages.quantile-forest
    • haskellPackages.genvalidity-dirforest
    • home-assistant-component-tests.ecoforest
    • home-assistant-component-tests.rainforest_eagle
    • home-assistant-component-tests.rainforest_raven
    • tests.home-assistant-component-tests.rainforest_eagle
    • tests.home-assistant-component-tests.rainforest_raven
    1 month ago
  • @mweinelt dismissed 1 month ago
rymcu forest User Profile UserInfoController.java updateUserInfo cross site scripting

A vulnerability was detected in rymcu forest up to 0.0.5. This affects the function updateUserInfo of the file - src/main/java/com/rymcu/forest/web/api/user/UserInfoController.java of the component User Profile Handler. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

Affected products

forest
  • ==0.0.3
  • ==0.0.4
  • ==0.0.5
  • ==0.0.1
  • ==0.0.2
Ignored packages (18) 
Not in nixpkgs