Nixpkgs security tracker

Login with GitHub
⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Details of issue NIXPKGS-2026-0002

NIXPKGS-2026-0002
published on
Permalink CVE-2024-0406
6.1 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): NONE
  • User interaction (UI): REQUIRED
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): HIGH
  • Availability impact (A): NONE
updated 2 months, 3 weeks ago by @fricklerhandwerk Activity log
  • Created automatic suggestion 1 year, 3 months ago
  • @LeSuisse accepted 1 year, 2 months ago
  • @fricklerhandwerk ignored
    6 packages
    • xarchiver
    • fsarchiver
    • wayback-machine-archiver
    • CuboCore.corearchiver
    • python311Packages.nskeyedunarchiver
    • python312Packages.nskeyedunarchiver
    3 months ago
  • @fricklerhandwerk deleted
    4 maintainers
    • @dan4ik605743
    • @kalbasit
    • @romildo
    • @jchv
    3 months ago maintainer.delete
  • @fricklerhandwerk published on GitHub 2 months, 3 weeks ago
Mholt/archiver: path traversal vulnerability

A flaw was discovered in the mholt/archiver package. This flaw allows an attacker to create a specially crafted tar file, which, when unpacked, may allow access to restricted files or directories. This issue can allow the creation or overwriting of files with the user's or application's privileges using the library.

References

Affected products

mholt
  • ==4
archiver
  • *
  • *
openshift4/oc-mirror-plugin-rhel8
openshift4/oc-mirror-plugin-rhel9
  • *
advanced-cluster-security/rhacs-main-rhel8
advanced-cluster-security/rhacs-roxctl-rhel8
advanced-cluster-security/rhacs-scanner-rhel8

Matching in nixpkgs

pkgs.archiver

Easily create & extract archives, and compress & decompress files of various formats

Ignored packages (6)

pkgs.xarchiver

GTK frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)

Package maintainers

Ignored maintainers (3)