Nixpkgs security tracker

Permalink CVE-2024-22050

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 9 months, 4 weeks ago

Iodine Static File Server Path Traversal Vulnerability

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

References

https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisoryx_transferred
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patchx_transferred
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisoryx_transferred
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patchx_transferred
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisoryx_transferred
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patchx_transferred
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisoryx_transferred
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patchx_transferred
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisoryx_transferred

Affected products

iodine

<0.7.33

Matching in nixpkgs

pkgs.iodine

Tool to tunnel IPv4 data through a DNS server

nixos-unstable 0.8.0
- nixpkgs-unstable 0.8.0
- nixos-unstable-small 0.8.0

pkgs.networkmanager-iodine

NetworkManager's iodine plugin

nixos-unstable 1.2.0-unstable-2024-11-02
- nixpkgs-unstable 1.2.0-unstable-2024-11-02
- nixos-unstable-small 1.2.0-unstable-2024-11-02

pkgs.emacsPackages.iodine-theme

None

nixos-unstable 20151031.1639
- nixpkgs-unstable 20151031.1639
- nixos-unstable-small 20151031.1639