Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: python313Packages.beets-minimal

Found 1 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-42052

updated 1 month, 3 weeks ago by @LeSuisse Activity log

Created suggestion 1 month, 3 weeks ago
@LeSuisse ignored
9 packages
- python312Packages.beets-audible
- python312Packages.beets-minimal
- python313Packages.beets-audible
- python313Packages.beets-minimal
- python314Packages.beets-audible
- python312Packages.beets-alternatives
- python314Packages.beets-alternatives
- python313Packages.beets-alternatives
- pkgsRocm.python3Packages.beets-audible
1 month, 3 weeks ago
@LeSuisse restored
2 packages
- python312Packages.beets-minimal
- python313Packages.beets-minimal
1 month, 3 weeks ago
@LeSuisse accepted 1 month, 3 weeks ago
@LeSuisse published on GitHub 1 month, 3 weeks ago

beets is Vulnerable to XSS

Beets is the media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode <%= ... %> for untrusted metadata fields. In this runtime, <%= ... %> is raw insertion and HTML escaping is only performed by <%- ... %>. Rendered output is then inserted with .html(...), allowing attacker-controlled markup to become active DOM. This issue has been patched in version 2.10.0.

References

https://github.com/beetbox/beets/security/advisories/GHSA-3gxm-wfjx-m847 x_refsource_CONFIRM
https://github.com/beetbox/beets/releases/tag/v2.10.0 x_refsource_MISC

Affected products

beets

==< 2.10.0

Matching in nixpkgs

pkgs.beets

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

pkgs.beets-minimal

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

pkgs.pkgsRocm.beets

None

pkgs.python312Packages.beets

None

pkgs.python313Packages.beets

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

pkgs.python314Packages.beets

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

pkgs.pkgsRocm.python3Packages.beets

None

pkgs.python312Packages.beets-minimal

None

pkgs.python313Packages.beets-minimal

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

pkgs.python314Packages.beets-minimal

Music tagger and library organizer

nixos-unstable 2.10.0
- nixpkgs-unstable 2.10.0
- nixos-unstable-small 2.10.0

Ignored packages (7)

pkgs.python312Packages.beets-audible

None

pkgs.python313Packages.beets-audible

Beets-audible: Organize Your Audiobook Collection With Beets

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0

pkgs.python314Packages.beets-audible

Beets-audible: Organize Your Audiobook Collection With Beets

nixos-unstable 1.4.0
- nixpkgs-unstable 1.4.0
- nixos-unstable-small 1.4.0

pkgs.python312Packages.beets-alternatives

None

pkgs.python313Packages.beets-alternatives

Beets plugin to manage external files

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0

pkgs.python314Packages.beets-alternatives

Beets plugin to manage external files

nixos-unstable 0.14.0
- nixpkgs-unstable 0.14.0
- nixos-unstable-small 0.14.0

pkgs.pkgsRocm.python3Packages.beets-audible

None

Package maintainers

@lovesegfault Bernardo Meurer <meurerbernardo@gmail.com>
@pjones Peter Jones <pjones@devalot.com>
@doronbehar Doron Behar <me@doronbehar.com>
@astratagem Chris Montgomery <chmont@protonmail.com>

1