Nixpkgs security tracker
Activity log
- Created suggestion
ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrusted byte arrays without configuring an ObjectInputFilter. This is a classic Java deserialization RCE pattern. At time of publication, there are no publicly available patches.
References
-
https://github.com/hyperledger/fabric/security/advisories/GHSA-prf8-cf2x-rhx7 x_refsource_CONFIRMexploit
-
https://hyperledger.github.io/fabric-gateway x_refsource_MISC
Affected products
- ==>= 1.0.0, <= 2.2.26
Matching in nixpkgs
pkgs.Fabric
Pythonic remote execution
pkgs.fabric-ai
Fabric is an open-source framework for augmenting humans using AI. It provides a modular framework for solving specific problems using a crowdsourced set of AI prompts that can be used anywhere
pkgs.libfabric
Open Fabric Interfaces
pkgs.fabric-installer
Lightweight, experimental modding toolchain for Minecraft
pkgs.hyperledger-fabric
High-performance, secure, permissioned blockchain network
pkgs.python312Packages.fabric
Pythonic remote execution
pkgs.python313Packages.fabric
Pythonic remote execution
pkgs.python314Packages.fabric
Pythonic remote execution
pkgs.cudaPackages.fabricmanager
None
-
nixos-25.11 570.124.06
- nixos-25.11-small 570.124.06
- nixpkgs-25.11-darwin 570.124.06
pkgs.python312Packages.dtfabric
Project to manage data types and structures, as used in the libyal projects
pkgs.python313Packages.dtfabric
Project to manage data types and structures, as used in the libyal projects
pkgs.python314Packages.dtfabric
Project to manage data types and structures, as used in the libyal projects
pkgs.azure-cli-extensions.microsoft-fabric
Microsoft Azure Command-Line Tools Microsoft Fabric Extension
pkgs.python312Packages.azure-servicefabric
This project provides a client library in Python that makes it easy to consume Microsoft Azure Storage services
pkgs.python313Packages.azure-servicefabric
This project provides a client library in Python that makes it easy to consume Microsoft Azure Storage services
pkgs.python314Packages.azure-servicefabric
This project provides a client library in Python that makes it easy to consume Microsoft Azure Storage services
pkgs.python312Packages.llm-templates-fabric
Load LLM templates from Fabric
pkgs.python312Packages.mypy-boto3-appfabric
Type annotations for boto3 appfabric
-
nixos-25.11 boto3-appfabric-1.41.0
- nixos-25.11-small boto3-appfabric-1.41.0
- nixpkgs-25.11-darwin boto3-appfabric-1.41.0
pkgs.python313Packages.llm-templates-fabric
Load LLM templates from Fabric
pkgs.python313Packages.mypy-boto3-appfabric
Type annotations for boto3 appfabric
-
nixos-unstable boto3-appfabric-1.43.0
- nixpkgs-unstable boto3-appfabric-1.43.0
- nixos-unstable-small boto3-appfabric-1.43.0
-
nixos-25.11 boto3-appfabric-1.41.0
- nixos-25.11-small boto3-appfabric-1.41.0
- nixpkgs-25.11-darwin boto3-appfabric-1.41.0
pkgs.python314Packages.llm-templates-fabric
Load LLM templates from Fabric
pkgs.python314Packages.mypy-boto3-appfabric
Type annotations for boto3 appfabric
-
nixos-unstable boto3-appfabric-1.43.0
- nixpkgs-unstable boto3-appfabric-1.43.0
- nixos-unstable-small boto3-appfabric-1.43.0
pkgs.azure-cli-extensions.managednetworkfabric
Support for managednetworkfabric commands based on 2025-07-15 API version
pkgs.python312Packages.azure-mgmt-servicefabric
This is the Microsoft Azure Service Fabric Management Client Library
pkgs.python313Packages.azure-mgmt-servicefabric
This is the Microsoft Azure Service Fabric Management Client Library
pkgs.python314Packages.azure-mgmt-servicefabric
This is the Microsoft Azure Service Fabric Management Client Library
pkgs.python312Packages.types-aiobotocore-appfabric
Type annotations for aiobotocore appfabric
pkgs.python313Packages.types-aiobotocore-appfabric
Type annotations for aiobotocore appfabric
pkgs.python312Packages.azure-mgmt-servicefabricmanagedclusters
This is the Microsoft Azure Service Fabric Cluster Management Client Library
pkgs.python313Packages.azure-mgmt-servicefabricmanagedclusters
This is the Microsoft Azure Service Fabric Cluster Management Client Library
pkgs.python314Packages.azure-mgmt-servicefabricmanagedclusters
This is the Microsoft Azure Service Fabric Cluster Management Client Library
Package maintainers
-
@katexochen Paul Meyer <katexochen0@gmail.com>
-
@GaetanLepage Gaetan Lepage <gaetan@glepage.com>
-
@samuela Samuel Ainsworth <skainsworth@gmail.com>
-
@YorikSar Yuriy Taraday <yorik.sar@gmail.com>
-
@prusnak Pavol Rusnak <pavol@rusnak.io>
-
@SomeoneSerge Else Someone <else+nixpkgs@someonex.net>
-
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
-
@jaredmontoya Jared Montoya
-
@bzizou Bruno Bzeznik <Bruno@bzizou.net>
-
@mwilsoncoding Max Wilson <nixpkgs@maxwilson.dev>
-
@fabaff Fabian Affolter <mail@fabian-affolter.ch>
-
@JayRovacsek Jay Rovacsek <nixpkgs@jay.rovacsek.com>
-
@philiptaron Philip Taron <philip.taron@gmail.com>
-
@mbalatsko Maksym Balatsko <mbalatsko@gmail.com>