Nixpkgs Security Tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: halo

Found 1 matching suggestions

View:
Compact
Detailed
Dismissed
Permalink CVE-2024-56156
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion 1 month, 2 weeks ago
  • @LeSuisse removed
    14 packages
    • eschalot
    • python312Packages.halo
    • python313Packages.halo
    • python314Packages.halo
    • typstPackages.whalogen
    • python312Packages.halohome
    • python313Packages.halohome
    • python314Packages.halohome
    • typstPackages.whalogen_0_1_0
    • typstPackages.whalogen_0_2_0
    • typstPackages.whalogen_0_3_0
    • python312Packages.django-cachalot
    • python313Packages.django-cachalot
    • python314Packages.django-cachalot
    1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
Halo Vulnerable to Stored XSS and RCE via File Upload Bypass

Halo is an open source website building tool. Prior to version 2.20.13, a vulnerability in Halo allows attackers to bypass file type validation controls. This bypass enables the upload of malicious files including executables and HTML files, which can lead to stored cross-site scripting attacks and potential remote code execution under certain circumstances. This issue has been patched in version 2.20.13.

References

Affected products

halo
  • ==< 2.20.13

Matching in nixpkgs

Package maintainers

Current stable branch was never impacted.

https://github.com/NixOS/nixpkgs/pull/370594
https://github.com/NixOS/nixpkgs/pull/371151