Nixpkgs security tracker
7.5 HIGH
- CVSS version: 3.1
- Attack vector (AV): NETWORK
- Attack complexity (AC): LOW
- Privileges required (PR): NONE
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): HIGH
- Integrity impact (I): NONE
- Availability impact (A): NONE
Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation
Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0.
References
Affected products
- ==< 3.1.0
Matching in nixpkgs
pkgs.distribution
Toolkit to pack, ship, store, and deliver container content
pkgs.protege-distribution
OWL2 ontology editor from Stanford, with third-party plugins included
pkgs.perlPackages.LinuxDistribution
Perl extension to detect on which Linux distribution we are running
pkgs.perl5Packages.LinuxDistribution
Perl extension to detect on which Linux distribution we are running
pkgs.perl538Packages.LinuxDistribution
Perl extension to detect on which Linux distribution we are running
pkgs.perl540Packages.LinuxDistribution
Perl extension to detect on which Linux distribution we are running
pkgs.perlPackages.DistributionMetadata
Distribution::Metadata - gather distribution metadata in local
pkgs.haskellPackages.normaldistribution
Minimum fuss normally distributed random values
pkgs.perl5Packages.DistributionMetadata
Distribution::Metadata - gather distribution metadata in local
pkgs.perlPackages.ParseLocalDistribution
Parses local .pm files as PAUSE does
pkgs.haskellPackages.distribution-nixpkgs
Types and functions to manipulate the Nixpkgs distribution
pkgs.perl538Packages.DistributionMetadata
Distribution::Metadata - gather distribution metadata in local
pkgs.perl540Packages.DistributionMetadata
Distribution::Metadata - gather distribution metadata in local
pkgs.perl5Packages.ParseLocalDistribution
Parses local .pm files as PAUSE does
pkgs.perlPackages.StatisticsDistributions
Perl module for calculating critical values and upper probabilities of common statistical distributions
pkgs.haskellPackages.distribution-opensuse
Types, functions, and tools to manipulate the openSUSE distribution
pkgs.perl5Packages.StatisticsDistributions
Perl module for calculating critical values and upper probabilities of common statistical distributions
pkgs.haskellPackages.splitmix-distributions
Random samplers for some common distributions, based on splitmix
pkgs.perl538Packages.ParseLocalDistribution
Parses local .pm files as PAUSE does
pkgs.perl540Packages.ParseLocalDistribution
Parses local .pm files as PAUSE does
pkgs.haskellPackages.ngx-export-distribution
Build custom libraries for Nginx Haskell module
pkgs.perl538Packages.StatisticsDistributions
Perl module for calculating critical values and upper probabilities of common statistical distributions
pkgs.perl540Packages.StatisticsDistributions
Perl module for calculating critical values and upper probabilities of common statistical distributions
pkgs.haskellPackages.distribution-nixpkgs-unstable
Types and functions to manipulate the Nixpkgs distribution
-
nixos-unstable 1.7.1.1-unstable-2026-01-25
- nixpkgs-unstable 1.7.1.1-unstable-2026-01-25
- nixos-unstable-small 1.7.1.1-unstable-2026-01-25
-
nixos-25.11 1.7.1.1-unstable-2025-11-20
- nixos-25.11-small 1.7.1.1-unstable-2025-11-20
- nixpkgs-25.11-darwin 1.7.1.1-unstable-2025-11-20
Package maintainers
-
@katexochen Paul Meyer <katexochen0@gmail.com>
-
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
-
@nessdoor Tomas Antonio Lopez <entropy.overseer@protonmail.com>