Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: gazelle-origin

Found 1 matching suggestions

View:
Compact
Detailed
Dismissed
(not in Nixpkgs)
Permalink CVE-2026-40562
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): High (H)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): None (N)
updated 2 weeks, 5 days ago by @LeSuisse Activity log
  • Created suggestion 2 weeks, 5 days ago
  • @LeSuisse dismissed (not in Nixpkgs) 2 weeks, 5 days ago
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence

Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must take precedence. An attacker could exploit this to smuggle malicious HTTP requests via a front-end reverse proxy.

Affected products

Gazelle
  • =<0.49

Matching in nixpkgs

pkgs.bazel-gazelle

Gazelle is a Bazel build file generator for Bazel projects. It natively supports Go and protobuf, and it may be extended to support new languages and custom rule sets.

pkgs.gazelle-origin

Tool for generating origin files using the API of Gazelle-based torrent trackers

Package maintainers