Nixpkgs Security Tracker

Untriaged

Permalink CVE-2021-47748

created 3 weeks ago

Hasura GraphQL 1.3.3 - Remote Code Execution

Hasura GraphQL 1.3.3 contains a remote code execution vulnerability that allows attackers to execute arbitrary shell commands through SQL query manipulation. Attackers can inject commands into the run_sql endpoint by crafting malicious GraphQL queries that execute system commands through PostgreSQL's COPY FROM PROGRAM functionality.

Affected products

GraphQL

==1.3.3

Matching in nixpkgs

pkgs.graphqlmap

Tool to interact with a GraphQL endpoint

nixos-unstable 0-unstable-2022-01-17
- nixpkgs-unstable 0-unstable-2022-01-17
- nixos-unstable-small 0-unstable-2022-01-17
nixos-25.05 2022-01-17
- nixos-25.05-small 2022-01-17
- nixpkgs-25.05-darwin 2022-01-17

pkgs.graphqlmaker

Tool to find graphql queries in Javascript files

nixos-unstable 0-unstable-2024-05-18
- nixpkgs-unstable 0-unstable-2024-05-18
- nixos-unstable-small 0-unstable-2024-05-18
nixos-25.05 0-unstable-2024-05-18
- nixos-25.05-small 0-unstable-2024-05-18
- nixpkgs-25.05-darwin 0-unstable-2024-05-18

pkgs.graphql-client

GraphQL tool for Rust projects

nixos-unstable 0.13.0
- nixpkgs-unstable 0.13.0
- nixos-unstable-small 0.13.0
nixos-25.05 0.13.0
- nixos-25.05-small 0.13.0
- nixpkgs-25.05-darwin 0.13.0

pkgs.get-graphql-schema

Fetch and print the GraphQL schema from a GraphQL HTTP endpoint.

nixos-unstable 2.1.1
- nixpkgs-unstable 2.1.1
- nixos-unstable-small 2.1.1
nixos-25.05 2.1.1
- nixos-25.05-small 2.1.1
- nixpkgs-25.05-darwin 2.1.1

pkgs.ocamlPackages.graphql

Build GraphQL schemas and execute queries against them

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0

pkgs.elmPackages.elm-graphql

Autogenerate type-safe GraphQL queries in Elm

nixos-unstable 4.3.2-beta.0
- nixpkgs-unstable 4.3.2-beta.0
- nixos-unstable-small 4.3.2-beta.0
nixos-25.05 4.3.1
- nixos-25.05-small 4.3.1
- nixpkgs-25.05-darwin 4.3.1

pkgs.haskellPackages.graphql

Haskell GraphQL implementation

nixos-unstable 1.5.0.1
- nixpkgs-unstable 1.5.0.1
- nixos-unstable-small 1.5.0.1
nixos-25.05 1.5.0.0
- nixos-25.05-small 1.5.0.0
- nixpkgs-25.05-darwin 1.5.0.0

pkgs.ocamlPackages.graphql-lwt

Build GraphQL schemas with Lwt support

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0

pkgs.ocamlPackages.graphql_ppx

GraphQL PPX rewriter for Bucklescript/ReasonML

nixos-unstable 1.2.3
- nixpkgs-unstable 1.2.3
- nixos-unstable-small 1.2.3

pkgs.ocamlPackages.irmin-graphql

GraphQL server for Irmin

nixos-unstable 3.11.0
- nixpkgs-unstable 3.11.0
- nixos-unstable-small 3.11.0

pkgs.graphql-language-service-cli

Official, runtime independent Language Service for GraphQL

nixos-unstable 3.5.0
- nixpkgs-unstable 3.5.0
- nixos-unstable-small 3.5.0
nixos-25.05 3.5.0
- nixos-25.05-small 3.5.0
- nixpkgs-25.05-darwin 3.5.0

pkgs.ocamlPackages.graphql-cohttp

Run GraphQL servers with “cohttp”

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0

pkgs.ocamlPackages.graphql_parser

Library for parsing GraphQL queries

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0

pkgs.haskellPackages.graphql-spice

GraphQL with batteries

nixos-unstable 1.0.6.0
- nixpkgs-unstable 1.0.6.0
- nixos-unstable-small 1.0.6.0
nixos-25.05 1.0.6.0
- nixos-25.05-small 1.0.6.0
- nixpkgs-25.05-darwin 1.0.6.0

pkgs.postgresqlPackages.pg_graphql

GraphQL support for PostgreSQL

nixos-unstable 1.5.12-unstable-2025-09-01
- nixpkgs-unstable 1.5.12-unstable-2025-09-01
- nixos-unstable-small 1.5.12-unstable-2025-09-01

pkgs.haskellPackages.graphql-client

A client for Haskell programs to query a GraphQL API

nixos-unstable 1.2.4
- nixpkgs-unstable 1.2.4
- nixos-unstable-small 1.2.4
nixos-25.05 1.2.4
- nixos-25.05-small 1.2.4
- nixpkgs-25.05-darwin 1.2.4

pkgs.python312Packages.graphql-core

Port of graphql-js to Python

nixos-unstable 3.2.6
- nixpkgs-unstable 3.2.6
- nixos-unstable-small 3.2.6
nixos-25.05 3.2.5
- nixos-25.05-small 3.2.5
- nixpkgs-25.05-darwin 3.2.5

pkgs.python313Packages.graphql-core

Port of graphql-js to Python

nixos-unstable 3.2.6
- nixpkgs-unstable 3.2.6
- nixos-unstable-small 3.2.6
nixos-25.05 3.2.5
- nixos-25.05-small 3.2.5
- nixpkgs-25.05-darwin 3.2.5

pkgs.postgresql14Packages.pg_graphql

GraphQL support for PostgreSQL

nixos-unstable 1.5.12-unstable-2025-09-01
- nixpkgs-unstable 1.5.12-unstable-2025-09-01
- nixos-unstable-small 1.5.12-unstable-2025-09-01

pkgs.postgresql15Packages.pg_graphql

GraphQL support for PostgreSQL

nixos-unstable 1.5.12-unstable-2025-09-01
- nixpkgs-unstable 1.5.12-unstable-2025-09-01
- nixos-unstable-small 1.5.12-unstable-2025-09-01

pkgs.postgresql16Packages.pg_graphql

GraphQL support for PostgreSQL

nixos-unstable 1.5.12-unstable-2025-09-01
- nixpkgs-unstable 1.5.12-unstable-2025-09-01
- nixos-unstable-small 1.5.12-unstable-2025-09-01

pkgs.python312Packages.graphql-relay

Library to help construct a graphql-py server supporting react-relay

nixos-unstable 3.2.0
- nixpkgs-unstable 3.2.0
- nixos-unstable-small 3.2.0
nixos-25.05 3.2.0
- nixos-25.05-small 3.2.0
- nixpkgs-25.05-darwin 3.2.0

pkgs.python312Packages.graphqlclient

Simple GraphQL client for Python

nixos-unstable 0.2.4
- nixpkgs-unstable 0.2.4
- nixos-unstable-small 0.2.4
nixos-25.05 0.2.4
- nixos-25.05-small 0.2.4
- nixpkgs-25.05-darwin 0.2.4

pkgs.python313Packages.graphql-relay

Library to help construct a graphql-py server supporting react-relay

nixos-unstable 3.2.0
- nixpkgs-unstable 3.2.0
- nixos-unstable-small 3.2.0
nixos-25.05 3.2.0
- nixos-25.05-small 3.2.0
- nixpkgs-25.05-darwin 3.2.0

pkgs.python313Packages.graphqlclient

Simple GraphQL client for Python

nixos-unstable 0.2.4
- nixpkgs-unstable 0.2.4
- nixos-unstable-small 0.2.4
nixos-25.05 0.2.4
- nixos-25.05-small 0.2.4
- nixpkgs-25.05-darwin 0.2.4

pkgs.haskellPackages.morpheus-graphql

Morpheus GraphQL

nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.ocamlPackages.irmin-mirage-graphql

MirageOS-compatible Irmin stores

nixos-unstable 3.11.0
- nixpkgs-unstable 3.11.0
- nixos-unstable-small 3.11.0

pkgs.haskellPackages.morpheus-graphql-app

Morpheus GraphQL App

nixos-unstable 0.28.1
- nixpkgs-unstable 0.28.1
- nixos-unstable-small 0.28.1
nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.python312Packages.strawberry-graphql

GraphQL library for Python that leverages type annotations

nixos-unstable 0.278.0
- nixpkgs-unstable 0.278.0
- nixos-unstable-small 0.278.0
nixos-25.05 0.263.1
- nixos-25.05-small 0.263.1
- nixpkgs-25.05-darwin 0.263.1

pkgs.python313Packages.strawberry-graphql

GraphQL library for Python that leverages type annotations

nixos-unstable 0.278.0
- nixpkgs-unstable 0.278.0
- nixos-unstable-small 0.278.0
nixos-25.05 0.263.1
- nixos-25.05-small 0.263.1
- nixpkgs-25.05-darwin 0.263.1

pkgs.dprint-plugins.g-plane-pretty_graphql

GraphQL formatter

nixos-unstable 0.2.3
- nixpkgs-unstable 0.2.3
- nixos-unstable-small 0.2.3
nixos-25.05 0.2.3
- nixos-25.05-small 0.2.3
- nixpkgs-25.05-darwin 0.2.3

pkgs.haskellPackages.morpheus-graphql-core

Morpheus GraphQL Core

nixos-unstable 0.28.1
- nixpkgs-unstable 0.28.1
- nixos-unstable-small 0.28.1
nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.python312Packages.graphql-server-core

Core package for using GraphQL in a custom server easily

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.05 2.0.0
- nixos-25.05-small 2.0.0
- nixpkgs-25.05-darwin 2.0.0

pkgs.python313Packages.graphql-server-core

Core package for using GraphQL in a custom server easily

nixos-unstable 2.0.0
- nixpkgs-unstable 2.0.0
- nixos-unstable-small 2.0.0
nixos-25.05 2.0.0
- nixos-25.05-small 2.0.0
- nixpkgs-25.05-darwin 2.0.0

pkgs.haskellPackages.morpheus-graphql-tests

Morpheus GraphQL Test

nixos-unstable 0.28.1
- nixpkgs-unstable 0.28.1
- nixos-unstable-small 0.28.1
nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.haskellPackages.morpheus-graphql-client

Morpheus GraphQL Client

nixos-unstable 0.28.1
- nixpkgs-unstable 0.28.1
- nixos-unstable-small 0.28.1
nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.haskellPackages.morpheus-graphql-server

Morpheus GraphQL

nixos-unstable 0.28.1
- nixpkgs-unstable 0.28.1
- nixos-unstable-small 0.28.1
nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.tree-sitter-grammars.tree-sitter-graphql

None

nixos-unstable 0.25.10
- nixpkgs-unstable 0.25.10
- nixos-unstable-small 0.25.10
nixos-25.05 0.25.3
- nixos-25.05-small 0.25.3
- nixpkgs-25.05-darwin 0.25.3

pkgs.vscode-extensions.graphql.vscode-graphql

GraphQL extension for VSCode built with the aim to tightly integrate the GraphQL Ecosystem with VSCode for an awesome developer experience

nixos-unstable 0.13.2
- nixpkgs-unstable 0.13.2
- nixos-unstable-small 0.13.2
nixos-25.05 0.13.2
- nixos-25.05-small 0.13.2
- nixpkgs-25.05-darwin 0.13.2

pkgs.haskellPackages.morpheus-graphql-code-gen

Morpheus GraphQL CLI

nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.vimPlugins.nvim-treesitter-parsers.graphql

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.05 -
- nixos-25.05-small
- nixpkgs-25.05-darwin

pkgs.vscode-extensions.apollographql.vscode-apollo

Rich editor support for GraphQL client and server development that seamlessly integrates with the Apollo platform

nixos-unstable 2.6.3
- nixpkgs-unstable 2.6.3
- nixos-unstable-small 2.6.3
nixos-25.05 2.6.2
- nixos-25.05-small 2.6.2
- nixpkgs-25.05-darwin 2.6.2

pkgs.haskellPackages.morpheus-graphql-subscriptions

Morpheus GraphQL Subscriptions

nixos-unstable 0.28.1
- nixpkgs-unstable 0.28.1
- nixos-unstable-small 0.28.1
nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.python312Packages.graphql-subscription-manager

Python3 library for graphql subscription manager

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.05 0.7.1
- nixos-25.05-small 0.7.1
- nixpkgs-25.05-darwin 0.7.1

pkgs.python313Packages.graphql-subscription-manager

Python3 library for graphql subscription manager

nixos-unstable 0.7.1
- nixpkgs-unstable 0.7.1
- nixos-unstable-small 0.7.1
nixos-25.05 0.7.1
- nixos-25.05-small 0.7.1
- nixpkgs-25.05-darwin 0.7.1

pkgs.haskellPackages.morpheus-graphql-code-gen-utils

Morpheus GraphQL CLI

nixos-unstable 0.28.1
- nixpkgs-unstable 0.28.1
- nixos-unstable-small 0.28.1
nixos-25.05 0.28.1
- nixos-25.05-small 0.28.1
- nixpkgs-25.05-darwin 0.28.1

pkgs.vscode-extensions.graphql.vscode-graphql-syntax

Adds full GraphQL syntax highlighting and language support such as bracket matching

nixos-unstable 1.3.8
- nixpkgs-unstable 1.3.8
- nixos-unstable-small 1.3.8
nixos-25.05 1.3.8
- nixos-25.05-small 1.3.8
- nixpkgs-25.05-darwin 1.3.8

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-graphql

Python bindings for tree-sitter-graphql

nixos-unstable 0.25.10
- nixpkgs-unstable 0.25.10
- nixos-unstable-small 0.25.10
nixos-25.05 0.25.3
- nixos-25.05-small 0.25.3
- nixpkgs-25.05-darwin 0.25.3

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-graphql

Python bindings for tree-sitter-graphql

nixos-unstable 0.25.10
- nixpkgs-unstable 0.25.10
- nixos-unstable-small 0.25.10
nixos-25.05 0.25.3
- nixos-25.05-small 0.25.3
- nixpkgs-25.05-darwin 0.25.3

Package maintainers

@phanirithvij Phani Rithvij <phanirithvij2000@gmail.com>
@PedroHLC Pedro Lara Campos <root@pedrohlc.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@bbigras Bruno Bigras <bigras.bruno@gmail.com>
@nathanregner Nathan Regner <nathanregner@gmail.com>
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
@maralorn maralorn <mail@maralorn.de>
@kamadorueda Kevin Amado <kamadorueda@gmail.com>
@dotlambda Robert Schütz <rschuetz17@gmail.com>
@lde Lilian Deloche <lilian.deloche@puck.fr>
@Izorkin Yurii Izorkin <Izorkin@gmail.com>
@mightyiam Shahar "Dawn" Or <mightyiampresence@gmail.com>
@stepbrobd Yifei Sun <ysun@hey.com>
@A-jay98 Ali Jamadi <ali@jamadi.me>
@adfaure Adrien Faure <adfaure@pm.me>
@datafoo datafoo
@vbgl Vincent Laporte <Vincent.Laporte@gmail.com>
@Zimmi48 Théo Zimmermann <theo.zimmermann@telecom-paris.fr>
@jtcoolen Julien Coolen <jtcoolen@pm.me>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@ju1m Julien Moutinho <julm+nixpkgs@sourcephile.fr>

Untriaged

(browse all)

Permalink CVE-2023-3899

created 4 months, 3 weeks ago

Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration

A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the com.redhat.RHSM1.Config.SetAll() method, a low-privileged local user could tamper with the state of the registration, by unregistering the system or by changing the current entitlements. This flaw allows an attacker to set arbitrary configuration directives for /etc/rhsm/rhsm.conf, which can be abused to cause a local privilege escalation to an unconfined root.

Affected products

subscription-manager

==1.29.37
*
==1.28.39

Matching in nixpkgs

pkgs.python312Packages.graphql-subscription-manager

Python3 library for graphql subscription manager

nixos-unstable -
- nixpkgs-unstable 0.7.1

pkgs.python313Packages.graphql-subscription-manager

Python3 library for graphql subscription manager

nixos-unstable -
- nixpkgs-unstable 0.7.1

Package maintainers

@dotlambda Robert Schütz <rschuetz17@gmail.com>

Suggestions search

Affected products

Matching in nixpkgs

pkgs.graphqlmap

pkgs.graphqlmaker

pkgs.graphql-client

pkgs.get-graphql-schema

pkgs.ocamlPackages.graphql

pkgs.elmPackages.elm-graphql

pkgs.haskellPackages.graphql

pkgs.ocamlPackages.graphql-lwt

pkgs.ocamlPackages.graphql_ppx

pkgs.ocamlPackages.irmin-graphql

pkgs.graphql-language-service-cli

pkgs.ocamlPackages.graphql-cohttp

pkgs.ocamlPackages.graphql_parser

pkgs.haskellPackages.graphql-spice

pkgs.postgresqlPackages.pg_graphql

pkgs.haskellPackages.graphql-client

pkgs.python312Packages.graphql-core

pkgs.python313Packages.graphql-core

pkgs.postgresql14Packages.pg_graphql

pkgs.postgresql15Packages.pg_graphql

pkgs.postgresql16Packages.pg_graphql

pkgs.python312Packages.graphql-relay

pkgs.python312Packages.graphqlclient

pkgs.python313Packages.graphql-relay

pkgs.python313Packages.graphqlclient

pkgs.haskellPackages.morpheus-graphql

pkgs.ocamlPackages.irmin-mirage-graphql

pkgs.haskellPackages.morpheus-graphql-app

pkgs.python312Packages.strawberry-graphql

pkgs.python313Packages.strawberry-graphql

pkgs.dprint-plugins.g-plane-pretty_graphql

pkgs.haskellPackages.morpheus-graphql-core

pkgs.python312Packages.graphql-server-core

pkgs.python313Packages.graphql-server-core

pkgs.haskellPackages.morpheus-graphql-tests

pkgs.haskellPackages.morpheus-graphql-client

pkgs.haskellPackages.morpheus-graphql-server

pkgs.tree-sitter-grammars.tree-sitter-graphql

pkgs.vscode-extensions.graphql.vscode-graphql

pkgs.haskellPackages.morpheus-graphql-code-gen

pkgs.vimPlugins.nvim-treesitter-parsers.graphql

pkgs.vscode-extensions.apollographql.vscode-apollo

pkgs.haskellPackages.morpheus-graphql-subscriptions

pkgs.python312Packages.graphql-subscription-manager

pkgs.python313Packages.graphql-subscription-manager

pkgs.haskellPackages.morpheus-graphql-code-gen-utils

pkgs.vscode-extensions.graphql.vscode-graphql-syntax

pkgs.python312Packages.tree-sitter-grammars.tree-sitter-graphql

pkgs.python313Packages.tree-sitter-grammars.tree-sitter-graphql

Package maintainers

Affected products

Matching in nixpkgs

pkgs.python312Packages.graphql-subscription-manager

pkgs.python313Packages.graphql-subscription-manager

Package maintainers