Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2023-54331

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 months, 2 weeks ago

Outline 1.6.0 - Unquoted Service Path

Outline 1.6.0 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted service path in the OutlineService executable to inject malicious code that will be executed with LocalSystem permissions.

References

ExploitDB-51128 exploit
Official Outline Product Homepage product
VulnCheck Advisory: Outline 1.6.0 - Unquoted Service Path third-party-advisory

Affected products

Outline

==1.6.0

Matching in nixpkgs

pkgs.outline

Fastest wiki and knowledge base for growing teams. Beautiful, feature rich, and markdown compatible

nixos-unstable 0.85.1
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.go-outline

Utility to extract JSON representation of declarations from a Go source file

nixos-unstable 2021-06-08
- nixpkgs-unstable 2021-06-08
- nixos-unstable-small 2021-06-08
nixos-25.11 2021-06-08
- nixpkgs-25.11-darwin 2021-06-08

pkgs.mdbook-pdf-outline

None

nixos-unstable 0.1.6
- nixpkgs-unstable 0.1.6
- nixos-unstable-small 0.1.6
nixos-25.11 0.1.6
- nixpkgs-25.11-darwin 0.1.6

pkgs.python312Packages.outlines

Structured text generation

nixos-unstable 0.1.13
nixos-25.11 1.2.3
- nixpkgs-25.11-darwin 1.2.3

pkgs.python313Packages.outlines

Structured text generation

nixos-unstable 0.1.13
- nixpkgs-unstable 1.2.9
- nixos-unstable-small 1.2.9
nixos-25.11 1.2.3
- nixpkgs-25.11-darwin 1.2.3

pkgs.typstPackages.suboutline_0_1_0

An outline function just for one section and nothing else

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.typstPackages.suboutline_0_2_0

An outline function just for one section and nothing else

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.typstPackages.suboutline_0_3_0

An outline function just for one section and nothing else

nixos-unstable 0.3.0
- nixpkgs-unstable 0.3.0
- nixos-unstable-small 0.3.0
nixos-25.11 0.3.0
- nixpkgs-25.11-darwin 0.3.0

pkgs.mplus-outline-fonts.osdnRelease

M+ Outline Fonts (legacy OSDN release)

nixos-unstable 063a
- nixpkgs-unstable 063a
- nixos-unstable-small 063a
nixos-25.11 063a
- nixpkgs-25.11-darwin 063a

pkgs.python312Packages.outlines-core

Structured text generation (core)

nixos-unstable 0.1.26
nixos-25.11 0.2.11
- nixpkgs-25.11-darwin 0.2.11

pkgs.python313Packages.outlines-core

Structured text generation (core)

nixos-unstable 0.1.26
- nixpkgs-unstable 0.2.13
- nixos-unstable-small 0.2.13
nixos-25.11 0.2.11
- nixpkgs-25.11-darwin 0.2.11

pkgs.python314Packages.outlines-core

Structured text generation (core)

nixos-unstable -
- nixpkgs-unstable 0.2.13
- nixos-unstable-small 0.2.13

pkgs.mplus-outline-fonts.githubRelease

M+ Outline Fonts (GitHub release)

nixos-unstable 2022-05-19
- nixpkgs-unstable 2022-05-19
- nixos-unstable-small 2022-05-19
nixos-25.11 2022-05-19
- nixpkgs-25.11-darwin 2022-05-19

pkgs.pkgsRocm.python3Packages.outlines

Structured text generation

nixos-unstable -
- nixpkgs-unstable 1.2.9
- nixos-unstable-small 1.2.9
nixos-25.11 1.2.3
- nixpkgs-25.11-darwin 1.2.3

pkgs.typstPackages.outline-summaryst_0_1_0

A basic template for including a summary for each entry in the table of contents. Useful for writing books

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.pkgsRocm.python3Packages.outlines-core

Structured text generation (core)

nixos-unstable -
- nixpkgs-unstable 0.2.13
- nixos-unstable-small 0.2.13
nixos-25.11 0.2.11
- nixpkgs-25.11-darwin 0.2.11

Package maintainers

@vdemeester Vincent Demeester <vincent@sbr.pm>
@HollowMan6 Songlin Jiang <hollowman@hollowman.ml>
@uakci uakci <git@uakci.space>
@cab404 Vladimir Serov <cab404@mailbox.org>
@blitz Julian Stecklina <js@alien8.de>
@yrd Yannik Rödel <nix@yannik.info>
@xanderio Alexander Sieg <alex@xanderio.de>
@snue Stefan Nuernberger <kabelfrickler@gmail.com>
@CertainLach Yaroslav Bolyukin <iam@lach.pw>
@danieldk Daniël de Kok <me@danieldk.eu>
@cherrypiejam Gongqi Huang