Nixpkgs security tracker

Untriaged

Permalink CVE-2026-30230

created 1 month, 1 week ago

Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing thumbnail access without the password. This issue has been patched in version 1.7.2.

References

https://github.com/FlintSH/Flare/security/advisories/GHSA-3x7v-x3r6-mjh7 x_refsource_CONFIRM

Affected products

Flare

==< 1.7.2

Matching in nixpkgs

pkgs.flare

Fantasy action RPG using the FLARE engine

nixos-unstable 1.14
- nixpkgs-unstable 1.14
- nixos-unstable-small 1.14
nixos-25.11 1.14
- nixos-25.11-small 1.14
- nixpkgs-25.11-darwin 1.14

pkgs.flarectl

CLI application for interacting with a Cloudflare account

nixos-unstable 0.116.0
- nixpkgs-unstable 0.116.0
- nixos-unstable-small 0.116.0
nixos-25.11 0.116.0
- nixos-25.11-small 0.116.0
- nixpkgs-25.11-darwin 0.116.0

pkgs.photoflare

Cross-platform image editor with a powerful features and a very friendly graphical user interface

nixos-unstable 1.6.13
- nixpkgs-unstable 1.6.13
- nixos-unstable-small 1.6.13
nixos-25.11 1.6.13
- nixos-25.11-small 1.6.13
- nixpkgs-25.11-darwin 1.6.13

pkgs.cloudflared

Cloudflare Tunnel daemon, Cloudflare Access toolkit, and DNS-over-HTTPS client

nixos-unstable 2026.2.0
- nixpkgs-unstable 2026.2.0
- nixos-unstable-small 2026.2.0
nixos-25.11 2025.11.1
- nixos-25.11-small 2025.11.1
- nixpkgs-25.11-darwin 2025.11.1

pkgs.flare-floss

Automatically extract obfuscated strings from malware

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 3.1.1
- nixos-25.11-small 3.1.1
- nixpkgs-25.11-darwin 3.1.1

pkgs.gotlsaflare

Update TLSA DANE records on cloudflare from x509 certificates

nixos-unstable 2.8.2
- nixpkgs-unstable 2.8.2
- nixos-unstable-small 2.8.2
nixos-25.11 2.8.0
- nixos-25.11-small 2.8.0
- nixpkgs-25.11-darwin 2.8.0

pkgs.flare-signal

Unofficial Signal GTK client

nixos-unstable 0.18.4
- nixpkgs-unstable 0.18.4
- nixos-unstable-small 0.18.4
nixos-25.11 0.18.4
- nixos-25.11-small 0.18.4
- nixpkgs-25.11-darwin 0.18.4

pkgs.flaresolverr

Proxy server to bypass Cloudflare protection

nixos-unstable 3.4.6
- nixpkgs-unstable 3.4.6
- nixos-unstable-small 3.4.6
nixos-25.11 3.4.3
- nixos-25.11-small 3.4.3
- nixpkgs-25.11-darwin 3.4.3

pkgs.cloudflare-cli

CLI for interacting with Cloudflare

nixos-unstable 5.1.2
- nixpkgs-unstable 5.1.2
- nixos-unstable-small 5.1.2
nixos-25.11 5.1.0
- nixos-25.11-small 5.1.0
- nixpkgs-25.11-darwin 5.1.0

pkgs.cloudflare-ddns

Dynamic DNS (DDNS) client for Cloudflare

nixos-unstable 1.15.1
- nixpkgs-unstable 1.15.1
- nixos-unstable-small 1.15.1
nixos-25.11 1.15.1
- nixos-25.11-small 1.15.1
- nixpkgs-25.11-darwin 1.15.1

pkgs.cloudflare-warp

Replaces the connection between your device and the Internet with a modern, optimized, protocol

nixos-unstable 2026.1.150.0
- nixpkgs-unstable 2026.1.150.0
- nixos-unstable-small 2026.1.150.0
nixos-25.11 2025.10.186.0
- nixos-25.11-small 2025.10.186.0
- nixpkgs-25.11-darwin 2025.10.186.0