Nixpkgs security tracker

Untriaged

Permalink CVE-2026-41505

8.7 HIGH

CVSS version (CVSS): 3.1
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Privileges Required (PR): None (N)
User Interaction (UI): None (N)
Scope (S): Changed (C)
Confidentiality (C): None (N)
Integrity (I): High (H)
Availability (A): High (H)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): High (H)
Modified Privileges Required (MPR): None (N)
Modified User Interaction (MUI): None (N)
Modified Confidentiality (MC): None (N)
Modified Scope (MS): Changed (C)
Modified Integrity (MI): High (H)
Modified Availability (MA): High (H)

created 2 weeks, 4 days ago Activity log

Created suggestion 2 weeks, 4 days ago

RELATE: Predictable Token Generation in auth.py and exam.py

RELATE is a web-based courseware package. Prior to commit 2f68e16, RELATE is vulnerable to predictable token generation in auth.py's make_sign_in_key() function and exam.py's gen_ticket_code() function. This issue has been patched via commit 2f68e16.

References

https://github.com/inducer/relate/security/advisories/GHSA-rvx5-95mm-p77v x_refsource_CONFIRM
https://github.com/inducer/relate/commit/2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb x_refsource_MISC

Affected products

relate

==< 2f68e16cd3b96d25c188c1aa3f7e13cdb15cdaeb

Matching in nixpkgs

pkgs.gpscorrelate

GPS photo correlation tool, to add EXIF geotags

nixos-unstable 2.3
- nixpkgs-unstable 2.3
- nixos-unstable-small 2.3
nixos-25.11 2.3
- nixos-25.11-small 2.3
- nixpkgs-25.11-darwin 2.3

pkgs.haskellPackages.prelate

A Prelude

nixos-unstable 0.8.0.0
- nixpkgs-unstable 0.8.0.0
- nixos-unstable-small 0.8.0.0
nixos-25.11 0.8.0.0
- nixos-25.11-small 0.8.0.0
- nixpkgs-25.11-darwin 0.8.0.0