Nixpkgs security tracker

Permalink CVE-2025-39436

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 1 year ago

WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.

References

https://patchstack.com/database/wordpress/plugin/idraw/vulnerability/wordpress-… vdb-entry

Affected products

idraw

=<1.0

Matching in nixpkgs

pkgs.kanjidraw

Handwritten kanji recognition

nixos-unstable 0.2.3
- nixpkgs-unstable 0.2.3
- nixos-unstable-small 0.2.3

pkgs.jitsi-excalidraw

Excalidraw collaboration backend for Jitsi

nixos-unstable 21
- nixpkgs-unstable 21
- nixos-unstable-small 21

pkgs.excalidraw_export

CLI to export Excalidraw drawings to SVG and PDF

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0

pkgs.tests.pkg-config.defaultPkgConfigPackages.hidapi-hidraw

Test whether hidapi-0.14.0 exposes pkg-config modules hidapi-hidraw

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small

Package maintainers

@venikx Kevin De Baerdemaeker <code@venikx.com>
@camillemndn Camille M. <camillemondon@free.fr>
@obfusk FC Stegerman <flx@obfusk.net>
@prusnak Pavol Rusnak <pavol@rusnak.io>

Suggestions search