Nixpkgs security tracker

Dismissed

(not in Nixpkgs)

Permalink CVE-2026-40562

7.5 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Unchanged (U)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Unchanged (U)
Modified Integrity (MI): High (H)
Modified Availability (MA): None (N)

updated 2 weeks, 5 days ago by @LeSuisse Activity log

Created suggestion 2 weeks, 5 days ago
@LeSuisse dismissed (not in Nixpkgs) 2 weeks, 5 days ago

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

References

Affected products

Gazelle

=<0.49

Matching in nixpkgs

pkgs.bazel-gazelle

Gazelle is a Bazel build file generator for Bazel projects. It natively supports Go and protobuf, and it may be extended to support new languages and custom rule sets.

nixos-unstable 0.47.0
- nixpkgs-unstable 0.47.0
- nixos-unstable-small 0.47.0
nixos-25.11 0.47.0
- nixos-25.11-small 0.47.0
- nixpkgs-25.11-darwin 0.47.0

pkgs.gazelle-origin

Tool for generating origin files using the API of Gazelle-based torrent trackers

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0
nixos-25.11 3.0.0
- nixos-25.11-small 3.0.0
- nixpkgs-25.11-darwin 3.0.0

Package maintainers