Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: haskellPackages.cpython

Found 23 matching suggestions

View:
Compact
Detailed
Untriaged
Permalink CVE-2026-0865
created 4 months ago Activity log
  • Created suggestion 4 months ago
wsgiref.headers.Headers allows header newline injection

User-controlled header names and values containing newlines can allow injecting HTTP headers.

Affected products

CPython
  • <3.13.12
  • <3.15.0
  • <3.15.0a6
  • <3.14.3

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2025-15282
created 4 months ago Activity log
  • Created suggestion 4 months ago
Header injection via newlines in data URL mediatype

User-controlled data URLs parsed by urllib.request.DataHandler allow injecting headers through newlines in the data URL mediatype.

Affected products

CPython
  • <3.13.12
  • <3.15.0
  • <3.15.0a6
  • <3.14.3

Matching in nixpkgs

Package maintainers

Untriaged
Permalink CVE-2025-15367
created 4 months ago Activity log
  • Created suggestion 4 months ago
POP3 command injection in user-controlled commands

The poplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Affected products

CPython
  • <3.15.0
  • <3.15.0a6

Matching in nixpkgs

Package maintainers