Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: prosody

Found 4 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-43506
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 7 hours ago by @LeSuisse Activity log
  • Created suggestion 15 hours ago
  • @LeSuisse ignored
    2 packages
    • prosody-filer
    • jitsi-meet-prosody
    7 hours ago
  • @LeSuisse accepted 7 hours ago
  • @LeSuisse published on GitHub 7 hours ago
An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by memory leaks from unauthenticated connections.

Affected products

Prosody
  • <0.12.6
  • <13.0.5

Matching in nixpkgs

Ignored packages (2)
Published
Permalink CVE-2026-43504
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 7 hours ago by @LeSuisse Activity log
  • Created suggestion 15 hours ago
  • @LeSuisse ignored
    2 packages
    • prosody-filer
    • jitsi-meet-prosody
    7 hours ago
  • @LeSuisse accepted 7 hours ago
  • @LeSuisse published on GitHub 7 hours ago
An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in a paused scenario, relaying of unauthenticated traffic can occur.

Affected products

Prosody
  • <0.12.6
  • <13.0.5

Matching in nixpkgs

Ignored packages (2)
Published
Permalink CVE-2026-43507
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
updated 7 hours ago by @LeSuisse Activity log
  • Created suggestion 15 hours ago
  • @LeSuisse ignored reference https://b… 7 hours ago
  • @LeSuisse ignored
    2 packages
    • prosody-filer
    • jitsi-meet-prosody
    7 hours ago
  • @LeSuisse accepted 7 hours ago
  • @LeSuisse published on GitHub 7 hours ago
An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5. A Denial of Service can occur via memory exhaustion caused by XML parsing resource amplification from unauthenticated connections.

Affected products

Prosody
  • <0.12.6
  • <13.0.5

Matching in nixpkgs

Ignored packages (2)
Published
Permalink CVE-2026-43505
6.5 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
updated 7 hours ago by @LeSuisse Activity log
  • Created suggestion 15 hours ago
  • @LeSuisse ignored
    2 packages
    • prosody-filer
    • jitsi-meet-prosody
    7 hours ago
  • @LeSuisse accepted 7 hours ago
  • @LeSuisse published on GitHub 7 hours ago
An issue was discovered in Prosody before 0.12.6 and 1.0.0 …

An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mishandles access control in the activation scenario, relaying of unauthenticated traffic can occur.

Affected products

Prosody
  • <0.12.6
  • <13.0.5

Matching in nixpkgs

Ignored packages (2)