MEDIUM: 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Product status
Default status: unaffected
2.24.7 (semver) before 2.28.7: affected
2.29.0 (semver) before 2.29.4: affected
2.30.0 (semver) before 2.30.5: affected
2.31.0 (semver) before 2.31.5: affected
2.32.0 (semver) before 2.32.8: affected
2.33.0 (semver) before 2.33.6: affected
2.34.0 (semver) before 2.34.7: affected
Description
An issue was discovered in Nix before 2.34.7. Arbitrary files can be written through directory traversal in "nix-prefetch-url --unpack" or "nix store prefetch-file --unpack". The issue was introduced in 2.24.7; the fixed versions are 2.34.7, 2.33.6, 2.32.8, 2.31.5, 2.30.5, 2.29.4, and 2.28.7.
Problem types
CWE-36 Absolute Path Traversal
References
discourse.nixos.org/...ilege-escalation-in-lix-and-nix/77407
www.openwall.com/lists/oss-security/2026/05/04/33
github.com/NixOS/nix/security/advisories/GHSA-gr92-w2r5-qw5p