Nixpkgs Security Tracker

Permalink CVE-2026-1520

2.4 LOW

CVSS version: 3.1
Attack vector (AV):
Attack complexity (AC):
Privileges required (PR):
User interaction (UI):
Scope (S):
Confidentiality impact (C):
Integrity impact (I):
Availability impact (A):

updated 1 month, 2 weeks ago by @LeSuisse Activity log

Created automatic suggestion 1 month, 3 weeks ago
@LeSuisse removed
2 packages
- python312Packages.rethinkdb
- python313Packages.rethinkdb
1 month, 2 weeks ago
@LeSuisse dismissed 1 month, 2 weeks ago

rethinkdb Secondary Index cross site scripting

A vulnerability was identified in rethinkdb up to 2.4.3. Affected by this issue is some unknown functionality of the component Secondary Index Handler. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

References

https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting… related
https://github.com/59lab/dbdb/blob/main/There%20is%20a%20cross-site%20scripting… exploit
VDB-343191 | rethinkdb Secondary Index cross site scripting vdb-entry
VDB-343191 | CTI Indicators (IOB, IOC, TTP) signature permissions-required
Submit #738312 | rethinkdb V2.4.3(latest) cross-site scripting(XSS) third-party-advisory

Affected products

rethinkdb

==2.4.0
==2.4.3
==2.4.2
==2.4.1

Matching in nixpkgs

pkgs.rethinkdb

Open-source distributed database built with love

nixos-unstable 2.4.4
- nixpkgs-unstable 2.4.4
- nixos-unstable-small 2.4.4

Package maintainers

@thoughtpolice Austin Seipp <aseipp@pobox.com>

Current stable was never impacted.

https://github.com/NixOS/nixpkgs/commit/bc2205c9e51129da88e9e57105b420123507ba90

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.rethinkdb

Package maintainers