CNNVD-202508-1065 Information

CNNVD ID

CNNVD-202508-1065

Related CVE

CVE-2025-54800

• CNNVD Published: 2025-08-12

Description (Chinese)

Hydra是Nix开源的一个基于Nix项目的持续集成服务。 Hydra dea1e16之前版本存在跨站脚本漏洞，该漏洞源于恶意包可注入任意JavaScript代码，可能导致跨站脚本攻击。

Description (English)

Hydra is a continuous integration service based on the Nix project, which is an open source for Nix. The pre-Hydra dea1e16 version had a cross-site script loophole, which stemmed from the fact that a malicious package could inject any JavaScript code and could lead to cross-site script attacks.

Hazard Level

High

Vulnerability Type

跨站脚本

Affected Vendor

Nix

Published

2025-08-12

Last Modified

2026-02-24

References

https://github.com/NixOS/hydra/commit/dea1e168f590efb27db32dbacc82b09e15f8ae4b https://github.com/NixOS/hydra/security/advisories/GHSA-7qwg-q53v-vh99

Patch

https://hydra.cc/