PT-2024-26864 · Nix+1

Tomberek · Published 2024-05-18 · Updated 2025-06-27 · CVE-2024-36050

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Nix versions prior to 2.22.1

Description: The issue stems from the mishandling of certain hash-cache usage. It makes it easier for an attacker to replace the current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.

Recommendations: For versions prior to 2.22.1, update to a version that includes the fix for this issue to prevent attackers from replacing source code. As a temporary workaround, consider adding validation and verification steps for pull requests to reduce the risk of accepting malicious changes, and restrict access to hash-cache functionality to limit the risk of exploitation.

Fix

Related Identifiers: CVE-2024-36050

Affected Products: Debian, Nix