Nixpkgs security tracker

Published

Permalink CVE-2026-6093

6.0 MEDIUM

CVSS version (CVSS): 4.0
Attack Vector (AV): Network (N)
Attack Complexity (AC): Low (L)
Attack Requirement (AT): Present (P)
Privileges Required (PR): Low (L)
User Interaction (UI): None (N)
Vulnerable System Impact Confidentiality (VC): High (H)
Vulnerable System Impact Integrity (VI): Low (L)
Vulnerable System Impact Availability (VA): None (N)
Subsequent System Impact Confidentiality (SC): None (N)
Subsequent System Impact Integrity (SI): None (N)
Subsequent System Impact Availability (SA): None (N)
Modified Attack Vector (MAV): Network (N)
Modified Attack Complexity (MAC): Low (L)
Modified Attack Requirement (MAT): Present (P)
Modified Privileges Required (MPR): Low (L)
Modified User Interaction (MUI): None (N)
Modified Vulnerable System Impact Confidentiality (MVC): High (H)
Modified Vulnerable System Impact Integrity (MVI): Low (L)
Modified Vulnerable System Impact Availability (MVA): None (N)
Modified Subsequent System Impact Confidentiality (MSC): Negligible (N)
Modified Subsequent System Impact Integrity (MSI): Negligible (N)
Modified Subsequent System Impact Availability (MSA): Negligible (N)
Safety (S): Not Defined (X)
Automatable (AU): Not Defined (X)
Recovery (R): Not Defined (X)
Value Density (V): Not Defined (X)
Vulnerability Response Effort (RE): Not Defined (X)
Provider Urgency (U): Not Defined (X)
Confidentiality Req. (CR): Not Defined (X)
Integrity Req. (IR): Not Defined (X)
Availability Req. (AR): Not Defined (X)
Exploit Maturity (E): Not Defined (X)

updated 2 hours ago by @LeSuisse Activity log

Created suggestion 10 hours ago
@LeSuisse ignored reference https://g… 2 hours ago
@LeSuisse accepted 2 hours ago
@LeSuisse published on GitHub 2 hours ago

Corteza 2024.9.8 - SQL Injection in MSSQL JSON-path meta filter via incorrect T-SQL string escaping

Corteza contains a SQL injection vulnerability in its Microsoft SQL Server (MSSQL) backend when filtering Compose records by the meta field.This issue affects corteza: 2024.9.8.

References

https://fluidattacks.com/es/advisories/motley exploitthird-party-advisory

Ignored references (1)

https://github.com/cortezaproject/corteza product

Affected products

corteza

==2024.9.8

Matching in nixpkgs

pkgs.corteza

Low-code platform

nixos-unstable 2024.9.2
- nixpkgs-unstable 2024.9.2
- nixos-unstable-small 2024.9.2
nixos-25.11 2024.9.2
- nixos-25.11-small 2024.9.2
- nixpkgs-25.11-darwin 2024.9.2

Package maintainers

@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@ethancedwards8 Ethan Carter Edwards <ethan@ethancedwards.com>
@eljamm Fedi Jamoussi <fedi.jamoussi@protonmail.ch>
@Prince213 Sizhe Zhao <prc.zhao@outlook.com>
@wegank Weijia Wang <contact@weijia.wang>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.corteza

Package maintainers