by @mweinelt Activity log
- Created automatic suggestion
-
@mweinelt
removed
27 packages
- flare
- flarectl
- photoflare
- cloudflared
- flare-floss
- gotlsaflare
- flare-signal
- flaresolverr
- cloudflare-cli
- cloudflare-ddns
- cloudflare-warp
- cloudflare-utils
- cloudflare-dyndns
- speed-cloudflare-cli
- cloudflare-dynamic-dns
- octodns-providers.cloudflare
- python312Packages.cloudflare
- python313Packages.cloudflare
- python314Packages.cloudflare
- prometheus-cloudflare-exporter
- terraform-providers.cloudflare
- gnomeExtensions.cloudflare-warp-toggle
- home-assistant-component-tests.cloudflare
- terraform-providers.cloudflare_cloudflare
- tests.home-assistant-component-tests.cloudflare
- tests.home-assistant-component-tests.cloudflare_r2
- haskellPackages.hs-opentelemetry-instrumentation-cloudflare
- @mweinelt dismissed
Flare: Private File IDOR via raw/direct endpoints
Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the raw and direct file routes only block unauthenticated users from accessing private files. Any authenticated, non‑owner user who knows the file URL can retrieve the content, which is inconsistent with stricter checks used by other endpoints. This issue has been patched in version 1.7.2.
References
- https://github.com/FlintSH/Flare/security/advisories/GHSA-gwqr-xf5c-5569 x_refsource_CONFIRM
Affected products
- ==< 1.7.2
Ignored packages (27)
pkgs.flare
Fantasy action RPG using the FLARE engine
pkgs.flarectl
CLI application for interacting with a Cloudflare account
pkgs.photoflare
Cross-platform image editor with a powerful features and a very friendly graphical user interface
pkgs.cloudflared
Cloudflare Tunnel daemon, Cloudflare Access toolkit, and DNS-over-HTTPS client
pkgs.flare-floss
Automatically extract obfuscated strings from malware
pkgs.gotlsaflare
Update TLSA DANE records on cloudflare from x509 certificates
pkgs.flare-signal
Unofficial Signal GTK client
pkgs.flaresolverr
Proxy server to bypass Cloudflare protection
pkgs.cloudflare-cli
CLI for interacting with Cloudflare
pkgs.cloudflare-ddns
Dynamic DNS (DDNS) client for Cloudflare
pkgs.cloudflare-warp
Replaces the connection between your device and the Internet with a modern, optimized, protocol
-
nixos-unstable 2026.1.150.0
- nixpkgs-unstable 2026.1.150.0
- nixos-unstable-small 2026.1.150.0
-
nixos-25.11 2025.10.186.0
- nixos-25.11-small 2025.10.186.0
- nixpkgs-25.11-darwin 2025.10.186.0
pkgs.cloudflare-utils
Helpful Cloudflare utility program
pkgs.cloudflare-dyndns
CloudFlare Dynamic DNS client
pkgs.speed-cloudflare-cli
Measure the speed and consistency of your internet connection using speed.cloudflare.com
-
nixos-unstable 2.0.3-unstable-2024-05-15
- nixpkgs-unstable 2.0.3-unstable-2024-05-15
- nixos-unstable-small 2.0.3-unstable-2024-05-15
-
nixos-25.11 2.0.3-unstable-2024-05-15
- nixos-25.11-small 2.0.3-unstable-2024-05-15
- nixpkgs-25.11-darwin 2.0.3-unstable-2024-05-15
pkgs.cloudflare-dynamic-dns
Dynamic DNS client for Cloudflare
pkgs.octodns-providers.cloudflare
Cloudflare API provider for octoDNS
pkgs.python312Packages.cloudflare
Official Python library for the Cloudflare API
pkgs.python313Packages.cloudflare
Official Python library for the Cloudflare API
pkgs.python314Packages.cloudflare
Official Python library for the Cloudflare API
pkgs.prometheus-cloudflare-exporter
Prometheus Cloudflare Exporter
pkgs.terraform-providers.cloudflare
None
pkgs.gnomeExtensions.cloudflare-warp-toggle
Toggle cloudflare warp in quick settings.
pkgs.home-assistant-component-tests.cloudflare
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-component-tests.cloudflare
Open source home automation that puts local control and privacy first
pkgs.tests.home-assistant-component-tests.cloudflare_r2
Open source home automation that puts local control and privacy first
-
nixos-unstable cloudflare_r2-2026.2.3
- nixpkgs-unstable cloudflare_r2-2026.2.3
- nixos-unstable-small cloudflare_r2-2026.2.3