NIXPKGS-2026-0871
GitHub issue
published on 31 Mar 2026
by @mweinelt
Activity log
- Created automatic suggestion
- @mweinelt removed 5 packages
  - python312Packages.pytautulli
  - python313Packages.pytautulli
  - python314Packages.pytautulli
  - home-assistant-component-tests.tautulli
  - tests.home-assistant-component-tests.tautulli
- @mweinelt accepted
- @mweinelt published on GitHub
Tautulli: Unsanitized JSONP callback parameter allows cross-origin script injection and API key theft
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0.
References
- https://github.com/Tautulli/Tautulli/security/advisories/GHSA-95mg-wpqw-9qxh x_refsource_CONFIRM
- https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0 x_refsource_MISC
Affected products
Tautulli
- >= 1.3.10, < 2.17.0
Matching in nixpkgs
Ignored packages (5)
- pkgs.python312Packages.pytautulli: Python module to get information from Tautulli
- pkgs.python313Packages.pytautulli: Python module to get information from Tautulli
- pkgs.python314Packages.pytautulli: Python module to get information from Tautulli
- pkgs.home-assistant-component-tests.tautulli: Open source home automation that puts local control and privacy first
- pkgs.tests.home-assistant-component-tests.tautulli: Open source home automation that puts local control and privacy first
Package maintainers
- @rhoriguchi Ryan Horiguchi <ryan.horiguchi@gmail.com>