NIXPKGS-2026-0500

GitHub issue published 3 months, 3 weeks ago

Permalink CVE-2026-25477

updated 3 months, 3 weeks ago by @LeSuisse Activity log

Created suggestion 3 months, 3 weeks ago
@LeSuisse ignored
10 packages
- python312Packages.affine
- python313Packages.affine
- python314Packages.affine
- python312Packages.affinegap
- python313Packages.affinegap
- python314Packages.affinegap
- python312Packages.affine-gaps
- python313Packages.affine-gaps
- haskellPackages.affinely-extended
- haskellPackages.simple-affine-space
3 months, 3 weeks ago
@LeSuisse accepted 3 months, 3 weeks ago
@LeSuisse published on GitHub 3 months, 3 weeks ago

AFFiNE: Open Redirect via Regex Bypass in redirect-proxy

AFFiNE is an open-source, all-in-one workspace and an operating system. Prior to version 0.26.0, there is an Open Redirect vulnerability located at the /redirect-proxy endpoint. The flaw exists in the domain validation logic, where an improperly anchored Regular Expression allows an attacker to bypass the whitelist by using malicious domains that end with a trusted string. This issue has been patched in version 0.26.0.

References

https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289 x_refsource_CONFIRM

Affected products

AFFiNE

==< 0.26.0

Matching in nixpkgs

pkgs.affine

Workspace with fully merged docs, whiteboards and databases

nixos-unstable 0.26.2
- nixpkgs-unstable 0.26.2
- nixos-unstable-small 0.26.2

pkgs.affine-bin

Workspace with fully merged docs, whiteboards and databases

nixos-unstable 0.18.1
- nixpkgs-unstable 0.18.1
- nixos-unstable-small 0.18.1

Ignored packages (10)

pkgs.python312Packages.affine

None

pkgs.python313Packages.affine

Matrices describing affine transformation of the plane

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0

pkgs.python314Packages.affine

Matrices describing affine transformation of the plane

nixos-unstable 2.4.0
- nixpkgs-unstable 2.4.0
- nixos-unstable-small 2.4.0

pkgs.python312Packages.affinegap

None

pkgs.python313Packages.affinegap

Cython implementation of the affine gap string distance

nixos-unstable 2
- nixpkgs-unstable 2
- nixos-unstable-small 2

pkgs.python314Packages.affinegap

Cython implementation of the affine gap string distance

nixos-unstable 2
- nixpkgs-unstable 2
- nixos-unstable-small 2

pkgs.python312Packages.affine-gaps

None

pkgs.python313Packages.affine-gaps

None

pkgs.haskellPackages.affinely-extended

None

nixos-unstable 0.1.0.0
- nixpkgs-unstable 0.1.0.0
- nixos-unstable-small 0.1.0.0

pkgs.haskellPackages.simple-affine-space

A simple library for affine and vector spaces

nixos-unstable 0.2.1
- nixpkgs-unstable 0.2.1
- nixos-unstable-small 0.2.1

Package maintainers

@xiaoxiangmoe ZHAO JinXiang <xiaoxiangmoe@gmail.com>
@ri-char richar
@redyf Mateus Alves <mateusalvespereira7@gmail.com>

Upstream advisory: https://github.com/toeverything/AFFiNE/security/advisories/GHSA-wx9m-v7wq-g289

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0500

References

Affected products

Matching in nixpkgs

pkgs.affine

pkgs.affine-bin

pkgs.python312Packages.affine

pkgs.python313Packages.affine

pkgs.python314Packages.affine

pkgs.python312Packages.affinegap

pkgs.python313Packages.affinegap

pkgs.python314Packages.affinegap

pkgs.python312Packages.affine-gaps

pkgs.python313Packages.affine-gaps

pkgs.haskellPackages.affinely-extended

pkgs.haskellPackages.simple-affine-space

Package maintainers