Nixpkgs security tracker
by @LeSuisse Activity log
- Created suggestion
-
@LeSuisse
ignored
10 packages
- python312Packages.affine
- python313Packages.affine
- python314Packages.affine
- python312Packages.affinegap
- python313Packages.affinegap
- python314Packages.affinegap
- python312Packages.affine-gaps
- python313Packages.affine-gaps
- haskellPackages.affinely-extended
- haskellPackages.simple-affine-space
- @LeSuisse accepted
- @LeSuisse published on GitHub
AFFiNE: Open Redirect via Regex Bypass in redirect-proxy
AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.
References
-
https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289 x_refsource_CONFIRM
Affected products
- ==< 0.26.0
Matching in nixpkgs
pkgs.affine
Workspace with fully merged docs, whiteboards and databases
Ignored packages (10)
pkgs.python312Packages.affine
Matrices describing affine transformation of the plane
pkgs.python313Packages.affine
Matrices describing affine transformation of the plane
pkgs.python314Packages.affine
Matrices describing affine transformation of the plane
pkgs.python312Packages.affinegap
Cython implementation of the affine gap string distance
pkgs.python313Packages.affinegap
Cython implementation of the affine gap string distance
pkgs.python314Packages.affinegap
Cython implementation of the affine gap string distance
pkgs.python312Packages.affine-gaps
None
pkgs.python313Packages.affine-gaps
None
pkgs.haskellPackages.affinely-extended
None
Package maintainers
-
@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
-
@redyf Mateus Alves <mateusalvespereira7@gmail.com>
-
@ri-char richar