Nixpkgs security tracker

Suggestions search

With package: haskellPackages.temporary-rc

Found 2 matching suggestions

Untriaged
CVE-2026-27878
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
created 12 hours ago Activity log
  • Created suggestion
Tempo TraceQL query with exemplar hint could result in unbounded memory usage

A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service.

Affected products

Tempo
  • <2.10.2
Enterprise Traces (GET)
  • <2.8.8

Matching in nixpkgs

pkgs.tempo

High volume, minimal dependency trace storage

pkgs.temporal

Microservice orchestration platform which enables developers to build scalable applications without sacrificing productivity or reliability

pkgs.tempora_lgc

Tempora font

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small
  • nixos-26.05 -
    • nixos-26.05-small
    • nixpkgs-26.05-darwin

pkgs.temporal-cli

Command-line interface for running Temporal Server and interacting with Workflows, Activities, Namespaces, and other parts of Temporal

pkgs.gnomeExtensions.tempomate

Effortless time tracking in Jira Tempo timesheets!

  • nixos-unstable 17
    • nixpkgs-unstable 17
    • nixos-unstable-small 17
  • nixos-26.05 17
    • nixos-26.05-small 17
    • nixpkgs-26.05-darwin 17

Package maintainers

Dismissed
(not in Nixpkgs)
CVE-2026-21728
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse dismissed (not in Nixpkgs)
Tempo query limit results in unbounded memory allocation

Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_result_limit in the search config, e.g. to 262144 (2^18).

Affected products

Tempo
  • <v2.11.0

Matching in nixpkgs

pkgs.tempo

High volume, minimal dependency trace storage

pkgs.temporal

Microservice orchestration platform which enables developers to build scalable applications without sacrificing productivity or reliability

pkgs.tempora_lgc

Tempora font

  • nixos-unstable -
    • nixpkgs-unstable
    • nixos-unstable-small

pkgs.temporal-cli

Command-line interface for running Temporal Server and interacting with Workflows, Activities, Namespaces, and other parts of Temporal

pkgs.temporal_capi

A Rust implementation of ECMAScript's Temporal API

Package maintainers