Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40942

updated 1 month ago by @LeSuisse Activity log

Created suggestion 1 month ago
@LeSuisse dismissed (not in Nixpkgs) 1 month ago

DSF: Inverted Time Comparison in OIDC JWKS and Token Cache

The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison (isBefore instead of isAfter), causing the cache to never return cached values. Every incoming request triggered a fresh HTTP fetch of the OIDC Metadata Document and JWKS keys from the OIDC provider. The OIDC token cache for the FHIR client connections used an inverted time comparison (isBefore instead of isAfter), causing the cache to never invalidate. Every incoming request returned the same OIDC token even if expired. This vulnerability is fixed in 2.1.0.

References

https://github.com/datasharingframework/dsf/security/advisories/GHSA-xmj9-7625-f634 x_refsource_CONFIRM
https://github.com/datasharingframework/dsf/commit/31c2e974dfd4351756104ee8c53dbcd666192fef x_refsource_MISC
https://github.com/datasharingframework/dsf/commit/d3ca59b4daccde16a006fedeccce28fd1f826908 x_refsource_MISC

Affected products

dsf

==< 2.1.0

dsf-bpe-server

==< 2.1.0

dsf-bpe-process-api-v2

==< 2.1.0

Matching in nixpkgs

pkgs.mdsf

Format markdown code blocks using your favorite tools

nixos-unstable 0.11.1
- nixpkgs-unstable 0.11.1
- nixos-unstable-small 0.11.1
nixos-25.11 0.11.0
- nixos-25.11-small 0.11.0
- nixpkgs-25.11-darwin 0.11.0

pkgs.dsf2flac

DSD to FLAC transcoding tool

nixos-unstable 0-unstable-2025-01-31
- nixpkgs-unstable 0-unstable-2025-01-31
- nixos-unstable-small 0-unstable-2025-01-31
nixos-25.11 0-unstable-2025-01-31
- nixos-25.11-small 0-unstable-2025-01-31
- nixpkgs-25.11-darwin 0-unstable-2025-01-31

pkgs.python312Packages.gdsfactory

Python library to generate GDS layouts

nixos-25.11 9.20.1
- nixos-25.11-small 9.20.1
- nixpkgs-25.11-darwin 9.20.1

pkgs.python313Packages.gdsfactory

Python library to generate GDS layouts

nixos-unstable 9.39.3
- nixpkgs-unstable 9.39.3
- nixos-unstable-small 9.39.3
nixos-25.11 9.20.1
- nixos-25.11-small 9.20.1
- nixpkgs-25.11-darwin 9.20.1

pkgs.pkgsRocm.python3Packages.gdsfactory

Python library to generate GDS layouts

nixos-unstable 9.39.3
- nixpkgs-unstable 9.39.3
- nixos-unstable-small 9.39.3

Package maintainers

@artemist Artemis Tosini <me@artem.ist>
@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
@fedeinthemix Federico Beffa <beffa@fbengineering.ch>