Nixpkgs Security Tracker

Untriaged

Permalink CVE-2025-15366

created 2 months ago

IMAP command injection in user-controlled commands

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

References

https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch
https://github.com/python/cpython/issues/143921 issue-tracking
https://github.com/python/cpython/pull/143922 patch
https://mail.python.org/archives/list/security-announce@python.org/thread/DD7C7… vendor-advisory
https://github.com/python/cpython/commit/6262704b134db2a4ba12e85ecfbd968534f28b… patch

Affected products

CPython

<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Untriaged

Permalink CVE-2026-0672

created 2 months ago

Header injection in http.cookies.Morsel

When using http.cookies.Morsel, user-controlled cookie values and parameters can allow injecting HTTP headers into messages. Patch rejects all control characters within cookie names, values, and parameters.

References

Affected products

CPython

<3.13.12
<3.14.3
<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Untriaged

Permalink CVE-2026-0865

created 2 months ago

wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers.

References

Affected products

CPython

<3.13.12
<3.14.3
<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Untriaged

Permalink CVE-2025-15282

created 2 months ago

Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

References

Affected products

CPython

<3.13.12
<3.14.3
<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Untriaged

Permalink CVE-2025-15367

created 2 months ago

POP3 command injection in user-controlled commands

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

References

https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBO… vendor-advisory
https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874… patch
https://github.com/python/cpython/pull/143924 patch
https://github.com/python/cpython/issues/143923 issue-tracking
https://github.com/python/cpython/pull/143924 patch
https://github.com/python/cpython/issues/143923 issue-tracking
https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBO… vendor-advisory
https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874… patch
https://github.com/python/cpython/pull/143924 patch
https://github.com/python/cpython/issues/143923 issue-tracking
https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBO… vendor-advisory
https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874… patch
https://mail.python.org/archives/list/security-announce@python.org/thread/CBFBO… vendor-advisory
https://github.com/python/cpython/commit/b234a2b67539f787e191d2ef19a7cbdce32874… patch
https://github.com/python/cpython/pull/143924 patch
https://github.com/python/cpython/issues/143923 issue-tracking

Affected products

CPython

<3.15.0a6
<3.15.0

Matching in nixpkgs

pkgs.haskellPackages.cpython

Bindings for libpython

nixos-unstable 3.9.0
- nixpkgs-unstable 3.9.0
- nixos-unstable-small 3.9.0

Package maintainers

@sheepforce Phillip Seeber <phillip.seeber@googlemail.com>

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.cpython

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.cpython

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.cpython

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.cpython

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.haskellPackages.cpython

Package maintainers