Nixpkgs security tracker

Untriaged

Permalink CVE-2026-30231

created 1 month, 1 week ago

Flare: Private File IDOR via raw/direct endpoints

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.

References

https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569 x_refsource_CONFIRM

Affected products

Flare

==< 1.7.2

Matching in nixpkgs

pkgs.flare

Fantasy action RPG using the FLARE engine

nixos-unstable 1.14
- nixpkgs-unstable 1.14
- nixos-unstable-small 1.14
nixos-25.11 1.14
- nixos-25.11-small 1.14
- nixpkgs-25.11-darwin 1.14

pkgs.flarectl

CLI application for interacting with a Cloudflare account

nixos-unstable 0.116.0
- nixpkgs-unstable 0.116.0
- nixos-unstable-small 0.116.0
nixos-25.11 0.116.0
- nixos-25.11-small 0.116.0
- nixpkgs-25.11-darwin 0.116.0

pkgs.photoflare

Cross-platform image editor with a powerful features and a very friendly graphical user interface

nixos-unstable 1.6.13
- nixpkgs-unstable 1.6.13
- nixos-unstable-small 1.6.13
nixos-25.11 1.6.13
- nixos-25.11-small 1.6.13
- nixpkgs-25.11-darwin 1.6.13

pkgs.cloudflared

Cloudflare Tunnel daemon, Cloudflare Access toolkit, and DNS-over-HTTPS client

nixos-unstable 2026.2.0
- nixpkgs-unstable 2026.2.0
- nixos-unstable-small 2026.2.0
nixos-25.11 2025.11.1
- nixos-25.11-small 2025.11.1
- nixpkgs-25.11-darwin 2025.11.1

pkgs.flare-floss

Automatically extract obfuscated strings from malware

nixos-unstable 3.1.1
- nixpkgs-unstable 3.1.1
- nixos-unstable-small 3.1.1
nixos-25.11 3.1.1
- nixos-25.11-small 3.1.1
- nixpkgs-25.11-darwin 3.1.1

pkgs.gotlsaflare

Update TLSA DANE records on cloudflare from x509 certificates

nixos-unstable 2.8.2
- nixpkgs-unstable 2.8.2
- nixos-unstable-small 2.8.2
nixos-25.11 2.8.0
- nixos-25.11-small 2.8.0
- nixpkgs-25.11-darwin 2.8.0

pkgs.flare-signal

Unofficial Signal GTK client

nixos-unstable 0.18.4
- nixpkgs-unstable 0.18.4
- nixos-unstable-small 0.18.4
nixos-25.11 0.18.4
- nixos-25.11-small 0.18.4
- nixpkgs-25.11-darwin 0.18.4

pkgs.flaresolverr

Proxy server to bypass Cloudflare protection

nixos-unstable 3.4.6
- nixpkgs-unstable 3.4.6
- nixos-unstable-small 3.4.6
nixos-25.11 3.4.3
- nixos-25.11-small 3.4.3
- nixpkgs-25.11-darwin 3.4.3

pkgs.cloudflare-cli

CLI for interacting with Cloudflare

nixos-unstable 5.1.2
- nixpkgs-unstable 5.1.2
- nixos-unstable-small 5.1.2
nixos-25.11 5.1.0
- nixos-25.11-small 5.1.0
- nixpkgs-25.11-darwin 5.1.0

pkgs.cloudflare-ddns

Dynamic DNS (DDNS) client for Cloudflare

nixos-unstable 1.15.1
- nixpkgs-unstable 1.15.1
- nixos-unstable-small 1.15.1
nixos-25.11 1.15.1
- nixos-25.11-small 1.15.1
- nixpkgs-25.11-darwin 1.15.1

pkgs.cloudflare-warp

Replaces the connection between your device and the Internet with a modern, optimized, protocol

nixos-unstable 2026.1.150.0
- nixpkgs-unstable 2026.1.150.0
- nixos-unstable-small 2026.1.150.0
nixos-25.11 2025.10.186.0
- nixos-25.11-small 2025.10.186.0
- nixpkgs-25.11-darwin 2025.10.186.0