Nixpkgs Security Tracker


Suggestions search

With package: heimdall-proxy

Found 2 matching suggestions

Published
CVE-2026-32811
8.2 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 6 days, 8 hours ago by @LeSuisse
Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    2 packages
    • heimdall
    • heimdall-gui
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Heimdall: Path received via Envoy gRPC corrupted when containing query string

Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. When Heimdall is used in Envoy gRPC decision API mode, versions 0.7.0-alpha through 0.17.10 encode the URL query string incorrectly, which allows rules with non-wildcard path expressions to be bypassed. Envoy splits the requested URL into parts and sends them to Heimdall individually. Although both a query and a path field exist in the API, the query field is documented to be always empty and the URL query is included in the path field. The implementation uses Go's net/url package to reconstruct the URL, which automatically percent-encodes special characters in the path. As a consequence, a Path value such as /mypath?foo=bar is escaped to /mypath%3Ffoo=bar; a rule matching /mypath then no longer matches and is bypassed.

The issue can only lead to unintended access if Heimdall is configured with an "allow all" default rule. Since v0.16.0, Heimdall enforces secure defaults and refuses to start with such a configuration unless this enforcement is explicitly disabled, e.g. via --insecure-skip-secure-default-rule-enforcement or the broader --insecure flag. This issue has been fixed in version 0.17.11.
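To make the escaping concrete, the following is an added example in Go, not Heimdall's own code: the envoyRequest struct, the rule type and the decide function are simplified models of the behaviour the advisory describes, and the split-based fix is illustrative rather than the upstream patch. It reconstructs the path Envoy delivers both the naive way and the split way, then evaluates a non-wildcard rule against each with an "allow all" default rule.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// envoyRequest models the attribute fields Heimdall receives from Envoy's
// ext_authz check request (assumed shape): per the advisory the Query field
// is always empty and the query string travels inside Path.
type envoyRequest struct {
	Path  string
	Query string
}

// reconstructNaive puts the whole Envoy path into url.URL.Path. URL.String()
// percent-encodes '?' inside a path, so "/mypath?foo=bar" comes back as
// "/mypath%3Ffoo=bar" and the query is no longer a query.
func reconstructNaive(r envoyRequest) string {
	u := url.URL{Path: r.Path, RawQuery: r.Query}
	return u.String()
}

// reconstructSplit cuts the Envoy path at the first '?' so the query string
// lands in RawQuery and Path stays "/mypath". An explicit Query field, if
// Envoy ever sent one, takes precedence. (Illustrative fix, not upstream's.)
func reconstructSplit(r envoyRequest) string {
	p, q, _ := strings.Cut(r.Path, "?")
	if r.Query != "" {
		q = r.Query
	}
	u := url.URL{Path: p, RawQuery: q}
	return u.String()
}

// rule is a toy non-wildcard (exact) path rule with an allow/deny verdict.
type rule struct {
	path  string
	allow bool
}

// decide parses the reconstructed URL and picks the first rule whose exact
// path equals u.Path; with no match it returns defaultAllow, which models
// the "allow all" default rule the advisory warns about.
func decide(reconstructed string, rules []rule, defaultAllow bool) (allowed bool, matched string) {
	u, err := url.Parse(reconstructed)
	if err != nil {
		return false, ""
	}
	for _, r := range rules {
		if r.path == u.Path {
			return r.allow, r.path
		}
	}
	return defaultAllow, "<default>"
}

func main() {
	req := envoyRequest{Path: "/mypath?foo=bar"}          // constructed sample request
	rules := []rule{{path: "/mypath", allow: false}}     // protect /mypath with a deny rule
	variants := []struct{ name, rebuilt string }{
		{"naive", reconstructNaive(req)},
		{"split", reconstructSplit(req)},
	}
	for _, v := range variants {
		allowed, matched := decide(v.rebuilt, rules, true)
		fmt.Printf("%-5s url=%-20s matched=%-9s allowed=%v\n", v.name, v.rebuilt, matched, allowed)
	}
}
```

With the naive reconstruction the parsed path is /mypath?foo=bar, the exact rule for /mypath does not fire and the allow-all default lets the request through; after splitting at the first '?' the path is /mypath again and the deny rule applies. Running decide with defaultAllow set to false shows why the secure-default enforcement since v0.16.0 limits the impact: a missed match then denies instead of allowing.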

Affected products

heimdall
  • >= 0.7.0-alpha, < 0.17.11

Matching in nixpkgs

Ignored packages (2)

Package maintainers

Upstream advisory: https://github.com/dadrus/heimdall/security/advisories/GHSA-r8x2-fhmf-6mxp
Untriaged
CVE-2023-2968
7.5 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): HIGH
created 6 months, 1 week ago
Undefined variable usage in npm package "proxy" leads to remote denial of service

A remote attacker can trigger a denial of service by sending a crafted HTTP request. The request makes the server use the socket.remoteAddress variable while it is undefined, and the use of the undefined variable raises a TypeError exception.

Affected products

proxy
  • <2.1.1

Matching in nixpkgs

pkgs.tproxy

CLI tool to proxy and analyze TCP connections

  • nixos-unstable -

pkgs._3proxy

Tiny free proxy server

  • nixos-unstable -

pkgs.g3proxy

Enterprise-oriented Generic Proxy Solutions

  • nixos-unstable -

pkgs.gvproxy

Network stack based on gVisor

  • nixos-unstable -

pkgs.haproxy

Reliable, high performance TCP/HTTP load balancer

  • nixos-unstable -

pkgs.ldproxy

Linker Proxy: a simple tool to forward linker arguments to the actual linker executable

  • nixos-unstable -

pkgs.moproxy

Transparent TCP to SOCKSv5/HTTP proxy on Linux written in Rust

  • nixos-unstable -

pkgs.ocproxy

OpenConnect proxy

  • nixos-unstable -

pkgs.reproxy

Simple edge server / reverse proxy

  • nixos-unstable -

pkgs.s3proxy

Access other storage backends via the S3 API

  • nixos-unstable -

pkgs.dnsproxy

Simple DNS proxy with DoH, DoT, and DNSCrypt support

  • nixos-unstable -

pkgs.imgproxy

Fast and secure on-the-fly image processing server written in Go

  • nixos-unstable -

pkgs.libproxy

Library that provides automatic proxy configuration management

  • nixos-unstable -

pkgs.mapproxy

Open source proxy for geospatial data

  • nixos-unstable -

pkgs.pacproxy

No-frills local HTTP proxy server powered by a proxy auto-config (PAC) file

  • nixos-unstable -

pkgs.proxyman

Capture, inspect, and manipulate HTTP(s) requests/responses with ease

  • nixos-unstable -

pkgs.proxypin

Capture HTTP(S) traffic software

  • nixos-unstable -

pkgs.proxysql

High-performance MySQL proxy

  • nixos-unstable -

pkgs.sniproxy

Transparent TLS and HTTP layer 4 proxy with SNI support

  • nixos-unstable -

pkgs.xssproxy

Forward freedesktop.org Idle Inhibition Service calls to Xss

  • nixos-unstable -

pkgs.dkimproxy

SMTP-proxy that signs and/or verifies emails

  • nixos-unstable -

pkgs.igmpproxy

Daemon that routes multicast using IGMP forwarding

  • nixos-unstable -

pkgs.mcp-proxy

MCP server which proxies other MCP servers from stdio to SSE or from SSE to stdio

  • nixos-unstable -

pkgs.proxyauth

Proxy Authentication Token - Fast authentication gateway for backend APIs

  • nixos-unstable -

pkgs.tinyproxy

Light-weight HTTP/HTTPS proxy daemon for POSIX operating systems

  • nixos-unstable -

pkgs.toxiproxy

Proxy for for simulating network conditions

  • nixos-unstable -

pkgs.tun2proxy

Tunnel (TUN) interface for SOCKS and HTTP proxies

  • nixos-unstable -

pkgs.wireproxy

Wireguard client that exposes itself as a socks5 proxy

  • nixos-unstable -

pkgs.localproxy

AWS IoT Secure Tunneling Local Proxy Reference Implementation C++

  • nixos-unstable -

pkgs.netns-proxy

Simple and slim proxy to forward ports from and into linux network namespaces

  • nixos-unstable -

pkgs.radsecproxy

Generic RADIUS proxy that supports both UDP and TLS (RadSec) RADIUS transports

  • nixos-unstable -

pkgs.trevorproxy

Module to rotate the source IP address via SSH proxies and other methods

  • nixos-unstable -

pkgs.vouch-proxy

SSO and OAuth / OIDC login solution for NGINX using the auth_request module

  • nixos-unstable -

pkgs.xmrig-proxy

Monero (XMR) Stratum protocol proxy

  • nixos-unstable -

pkgs.alpaca-proxy

HTTP forward proxy with PAC and NTLM authentication support

  • nixos-unstable -

pkgs.oauth2-proxy

Reverse proxy that provides authentication with Google, Github, or other providers

  • nixos-unstable -

pkgs.doh-proxy-rust

Fast, mature, secure DoH server proxy written in Rust

  • nixos-unstable -

pkgs.heimdall-proxy

Cloud native Identity Aware Proxy and Access Control Decision service

  • nixos-unstable -

pkgs.proxychains-ng

Preloader which hooks calls to sockets in dynamically linked programs and redirects it through one or more socks/http proxies

  • nixos-unstable -

pkgs.zabbix.proxy-mysql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix.proxy-pgsql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.immich-public-proxy

Share your Immich photos and albums in a safe way without exposing your Immich instance to the public

  • nixos-unstable -

pkgs.zabbix.proxy-sqlite

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix60.proxy-mysql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix60.proxy-pgsql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix70.proxy-mysql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix70.proxy-pgsql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix72.proxy-mysql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix72.proxy-pgsql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix74.proxy-mysql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix74.proxy-pgsql

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix60.proxy-sqlite

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix70.proxy-sqlite

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix72.proxy-sqlite

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.zabbix74.proxy-sqlite

Enterprise-class open source distributed monitoring solution (client-server proxy)

  • nixos-unstable -

pkgs.ios-webkit-debug-proxy

DevTools proxy (Chrome Remote Debugging Protocol) for iOS devices (Safari Remote Web Inspector)

  • nixos-unstable -

Package maintainers