Nixpkgs Security Tracker

Suggestions search

With package: python312Packages.unstructured

Found 1 matching suggestion

CVE-2025-64712
9.8 CRITICAL
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): HIGH
  • Availability impact (A): HIGH
updated 1 month, 2 weeks ago by @LeSuisse
Activity log
  • Created automatic suggestion
  • @LeSuisse removed 13 packages
    • unstructured-api
    • pkgsRocm.unstructured-api
    • python312Packages.unstructured-client
    • python313Packages.unstructured-client
    • python314Packages.unstructured-client
    • python312Packages.unstructured-api-tools
    • python312Packages.unstructured-inference
    • python313Packages.unstructured-api-tools
    • python313Packages.unstructured-inference
    • python314Packages.unstructured-api-tools
    • python314Packages.unstructured-inference
    • pkgsRocm.python3Packages.unstructured-inference
    • tests.devShellTools.unstructuredDerivationInputEnv
  • @LeSuisse dismissed
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partition_msg function allows an attacker to write or overwrite arbitrary files on the filesystem when processing malicious MSG files with attachments. This issue has been patched in version 0.18.18.

Affected products

unstructured
  • ==< 0.18.18

Matching in nixpkgs

Package maintainers

Stable was never impacted (https://github.com/NixOS/nixpkgs/commit/af717cae2e2a3a0f01dd0fccf2bc2f2537f118cc)