PT-2024-31807 · Nix · Nix
Published
2024-09-10
·
Updated
2024-09-12
·
CVE-2024-45845
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions:
nix versions 2.24 through 2.24.5
Description:
The issue allows directory traversal via a symlink in a nar file due to mishandling of a directory containing a symlink and a directory of the same name.
Recommendations:
For versions 2.24 through 2.24.5, consider restricting access to nar files and symlinks to minimize the risk of exploitation until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Nix