Suggestions search

All statuses

Filter by:

With package: perl5Packages.DistributionMetadata

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-35172

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 week, 1 day ago

Distribution has stale blob access resurrection via repo-scoped redis descriptor cache invalidation

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, distribution can restore read access in repo a after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get from repo b repopulates the shared descriptor and makes the deleted blob readable from repo a again. This vulnerability is fixed in 3.1.0.

References

https://github.com/distribution/distribution/security/advisories/GHSA-f2g3-hh2r-cwgc x_refsource_CONFIRM

Affected products

distribution

==< 3.1.0

Matching in nixpkgs

pkgs.distribution

Toolkit to pack, ship, store, and deliver container content

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0
nixos-25.11 3.0.0
- nixos-25.11-small 3.0.0
- nixpkgs-25.11-darwin 3.0.0

pkgs.protege-distribution

OWL2 ontology editor from Stanford, with third-party plugins included

nixos-unstable 5.6.3
- nixpkgs-unstable 5.6.3
- nixos-unstable-small 5.6.3
nixos-25.11 5.6.3
- nixos-25.11-small 5.6.3
- nixpkgs-25.11-darwin 5.6.3

pkgs.perlPackages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-unstable 0.23
- nixpkgs-unstable 0.23
- nixos-unstable-small 0.23
nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perl5Packages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-unstable 0.23
- nixpkgs-unstable 0.23
- nixos-unstable-small 0.23

pkgs.perl538Packages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perl540Packages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perlPackages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-unstable 0.10
- nixpkgs-unstable 0.10
- nixos-unstable-small 0.10
nixos-25.11 0.10
- nixos-25.11-small 0.10
- nixpkgs-25.11-darwin 0.10

pkgs.haskellPackages.normaldistribution

Minimum fuss normally distributed random values

nixos-unstable 1.1.0.3
- nixpkgs-unstable 1.1.0.3
- nixos-unstable-small 1.1.0.3
nixos-25.11 1.1.0.3
- nixos-25.11-small 1.1.0.3
- nixpkgs-25.11-darwin 1.1.0.3

pkgs.perl5Packages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-unstable 0.10
- nixpkgs-unstable 0.10
- nixos-unstable-small 0.10

pkgs.perlPackages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-unstable 0.19
- nixpkgs-unstable 0.19
- nixos-unstable-small 0.19
nixos-25.11 0.19
- nixos-25.11-small 0.19
- nixpkgs-25.11-darwin 0.19

pkgs.haskellPackages.distribution-nixpkgs

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1
- nixpkgs-unstable 1.7.1.1
- nixos-unstable-small 1.7.1.1
nixos-25.11 1.7.1.1
- nixos-25.11-small 1.7.1.1
- nixpkgs-25.11-darwin 1.7.1.1

pkgs.perl538Packages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-25.11 0.10
- nixos-25.11-small 0.10
- nixpkgs-25.11-darwin 0.10

pkgs.perl540Packages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-25.11 0.10
- nixos-25.11-small 0.10
- nixpkgs-25.11-darwin 0.10

pkgs.perl5Packages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-unstable 0.19
- nixpkgs-unstable 0.19
- nixos-unstable-small 0.19

pkgs.perlPackages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-unstable 1.02
- nixpkgs-unstable 1.02
- nixos-unstable-small 1.02
nixos-25.11 1.02
- nixos-25.11-small 1.02
- nixpkgs-25.11-darwin 1.02

pkgs.haskellPackages.distribution-opensuse

Types, functions, and tools to manipulate the openSUSE distribution

nixos-unstable 1.1.4
- nixpkgs-unstable 1.1.4
- nixos-unstable-small 1.1.4
nixos-25.11 1.1.4
- nixos-25.11-small 1.1.4
- nixpkgs-25.11-darwin 1.1.4

pkgs.perl5Packages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-unstable 1.02
- nixpkgs-unstable 1.02
- nixos-unstable-small 1.02

pkgs.haskellPackages.splitmix-distributions

Random samplers for some common distributions, based on splitmix

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.perl538Packages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-25.11 0.19
- nixos-25.11-small 0.19
- nixpkgs-25.11-darwin 0.19

pkgs.perl540Packages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-25.11 0.19
- nixos-25.11-small 0.19
- nixpkgs-25.11-darwin 0.19

pkgs.haskellPackages.ngx-export-distribution

Build custom libraries for Nginx Haskell module

nixos-unstable 0.6.0.2
- nixpkgs-unstable 0.6.0.2
- nixos-unstable-small 0.6.0.2
nixos-25.11 0.6.0.1
- nixos-25.11-small 0.6.0.1
- nixpkgs-25.11-darwin 0.6.0.1

pkgs.perl538Packages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-25.11 1.02
- nixos-25.11-small 1.02
- nixpkgs-25.11-darwin 1.02

pkgs.perl540Packages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-25.11 1.02
- nixos-25.11-small 1.02
- nixpkgs-25.11-darwin 1.02

pkgs.haskellPackages.distribution-nixpkgs-unstable

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1-unstable-2026-01-25
- nixpkgs-unstable 1.7.1.1-unstable-2026-01-25
- nixos-unstable-small 1.7.1.1-unstable-2026-01-25
nixos-25.11 1.7.1.1-unstable-2025-11-20
- nixos-25.11-small 1.7.1.1-unstable-2025-11-20
- nixpkgs-25.11-darwin 1.7.1.1-unstable-2025-11-20

Package maintainers

@katexochen Paul Meyer <katexochen0@gmail.com>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@nessdoor Tomas Antonio Lopez <entropy.overseer@protonmail.com>

Untriaged

Permalink CVE-2026-33540

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 week, 1 day ago

Distribution affected by pull-through cache credential exfiltration via www-authenticate bearer realm

Distribution is a toolkit to pack, ship, store, and deliver container content. Prior to 3.1.0, in pull-through cache mode, distribution discovers token auth endpoints by parsing WWW-Authenticate challenges returned by the configured upstream registry. The realm URL from a bearer challenge is used without validating that it matches the upstream registry host. As a result, an attacker-controlled upstream (or an attacker with MitM position to the upstream) can cause distribution to send the configured upstream credentials via basic auth to an attacker-controlled realm URL. This vulnerability is fixed in 3.1.0.

References

https://github.com/distribution/distribution/security/advisories/GHSA-3p65-76g6-3w7r x_refsource_CONFIRM
https://github.com/distribution/distribution/security/advisories/GHSA-3p65-76g6… exploit

Affected products

distribution

==< 3.1.0

Matching in nixpkgs

pkgs.distribution

Toolkit to pack, ship, store, and deliver container content

nixos-unstable 3.0.0
- nixpkgs-unstable 3.0.0
- nixos-unstable-small 3.0.0
nixos-25.11 3.0.0
- nixos-25.11-small 3.0.0
- nixpkgs-25.11-darwin 3.0.0

pkgs.protege-distribution

OWL2 ontology editor from Stanford, with third-party plugins included

nixos-unstable 5.6.3
- nixpkgs-unstable 5.6.3
- nixos-unstable-small 5.6.3
nixos-25.11 5.6.3
- nixos-25.11-small 5.6.3
- nixpkgs-25.11-darwin 5.6.3

pkgs.perlPackages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-unstable 0.23
- nixpkgs-unstable 0.23
- nixos-unstable-small 0.23
nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perl5Packages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-unstable 0.23
- nixpkgs-unstable 0.23
- nixos-unstable-small 0.23

pkgs.perl538Packages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perl540Packages.LinuxDistribution

Perl extension to detect on which Linux distribution we are running

nixos-25.11 0.23
- nixos-25.11-small 0.23
- nixpkgs-25.11-darwin 0.23

pkgs.perlPackages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-unstable 0.10
- nixpkgs-unstable 0.10
- nixos-unstable-small 0.10
nixos-25.11 0.10
- nixos-25.11-small 0.10
- nixpkgs-25.11-darwin 0.10

pkgs.haskellPackages.normaldistribution

Minimum fuss normally distributed random values

nixos-unstable 1.1.0.3
- nixpkgs-unstable 1.1.0.3
- nixos-unstable-small 1.1.0.3
nixos-25.11 1.1.0.3
- nixos-25.11-small 1.1.0.3
- nixpkgs-25.11-darwin 1.1.0.3

pkgs.perl5Packages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-unstable 0.10
- nixpkgs-unstable 0.10
- nixos-unstable-small 0.10

pkgs.perlPackages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-unstable 0.19
- nixpkgs-unstable 0.19
- nixos-unstable-small 0.19
nixos-25.11 0.19
- nixos-25.11-small 0.19
- nixpkgs-25.11-darwin 0.19

pkgs.haskellPackages.distribution-nixpkgs

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1
- nixpkgs-unstable 1.7.1.1
- nixos-unstable-small 1.7.1.1
nixos-25.11 1.7.1.1
- nixos-25.11-small 1.7.1.1
- nixpkgs-25.11-darwin 1.7.1.1

pkgs.perl538Packages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-25.11 0.10
- nixos-25.11-small 0.10
- nixpkgs-25.11-darwin 0.10

pkgs.perl540Packages.DistributionMetadata

Distribution::Metadata - gather distribution metadata in local

nixos-25.11 0.10
- nixos-25.11-small 0.10
- nixpkgs-25.11-darwin 0.10

pkgs.perl5Packages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-unstable 0.19
- nixpkgs-unstable 0.19
- nixos-unstable-small 0.19

pkgs.perlPackages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-unstable 1.02
- nixpkgs-unstable 1.02
- nixos-unstable-small 1.02
nixos-25.11 1.02
- nixos-25.11-small 1.02
- nixpkgs-25.11-darwin 1.02

pkgs.haskellPackages.distribution-opensuse

Types, functions, and tools to manipulate the openSUSE distribution

nixos-unstable 1.1.4
- nixpkgs-unstable 1.1.4
- nixos-unstable-small 1.1.4
nixos-25.11 1.1.4
- nixos-25.11-small 1.1.4
- nixpkgs-25.11-darwin 1.1.4

pkgs.perl5Packages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-unstable 1.02
- nixpkgs-unstable 1.02
- nixos-unstable-small 1.02

pkgs.haskellPackages.splitmix-distributions

Random samplers for some common distributions, based on splitmix

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.perl538Packages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-25.11 0.19
- nixos-25.11-small 0.19
- nixpkgs-25.11-darwin 0.19

pkgs.perl540Packages.ParseLocalDistribution

Parses local .pm files as PAUSE does

nixos-25.11 0.19
- nixos-25.11-small 0.19
- nixpkgs-25.11-darwin 0.19

pkgs.haskellPackages.ngx-export-distribution

Build custom libraries for Nginx Haskell module

nixos-unstable 0.6.0.2
- nixpkgs-unstable 0.6.0.2
- nixos-unstable-small 0.6.0.2
nixos-25.11 0.6.0.1
- nixos-25.11-small 0.6.0.1
- nixpkgs-25.11-darwin 0.6.0.1

pkgs.perl538Packages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-25.11 1.02
- nixos-25.11-small 1.02
- nixpkgs-25.11-darwin 1.02

pkgs.perl540Packages.StatisticsDistributions

Perl module for calculating critical values and upper probabilities of common statistical distributions

nixos-25.11 1.02
- nixos-25.11-small 1.02
- nixpkgs-25.11-darwin 1.02

pkgs.haskellPackages.distribution-nixpkgs-unstable

Types and functions to manipulate the Nixpkgs distribution

nixos-unstable 1.7.1.1-unstable-2026-01-25
- nixpkgs-unstable 1.7.1.1-unstable-2026-01-25
- nixos-unstable-small 1.7.1.1-unstable-2026-01-25
nixos-25.11 1.7.1.1-unstable-2025-11-20
- nixos-25.11-small 1.7.1.1-unstable-2025-11-20
- nixpkgs-25.11-darwin 1.7.1.1-unstable-2025-11-20

Package maintainers

@katexochen Paul Meyer <katexochen0@gmail.com>
@sternenseemann Lukas Epple <sternenseemann@systemli.org>
@nessdoor Tomas Antonio Lopez <entropy.overseer@protonmail.com>