Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-1129

NIXPKGS-2026-1129
published 1 month, 3 weeks ago
Permalink CVE-2026-34242
7.7 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 1 month, 3 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @LeSuisse ignored
    8 packages
    • python314Packages.weblate-language-data
    • python313Packages.weblate-language-data
    • python314Packages.weblate-schemas
    • python313Packages.weblate-schemas
    • python312Packages.weblate-schemas
    • python314Packages.weblate-fonts
    • python312Packages.weblate-language-data
    • python313Packages.weblate-fonts
    1 month, 3 weeks ago
  • @LeSuisse accepted 1 month, 3 weeks ago
  • @LeSuisse published on GitHub 1 month, 3 weeks ago
Weblate: Arbitrary File Read via Symlink

Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has been fixed in version 5.17.

Affected products

weblate
  • ==< 5.17

Matching in nixpkgs

pkgs.weblate

Web based translation tool with tight version control integration

Ignored packages (8)

Package maintainers