NIXPKGS-2026-0857
GitHub issue
published on 31 Mar 2026
by @mweinelt
Activity log
- Created automatic suggestion
- @mweinelt removed 5 packages
  - tests.home-assistant-component-tests.tautulli
  - python312Packages.pytautulli
  - python313Packages.pytautulli
  - python314Packages.pytautulli
  - home-assistant-component-tests.tautulli
- @mweinelt accepted
- @mweinelt published on GitHub
Tautulli: Unauthenticated Path Traversal in `/newsletter/image/images` endpoint
Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the `/newsletter/image/images` API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0.
References
- https://github.com/Tautulli/Tautulli/security/advisories/GHSA-xp55-2pf4-fv8m x_refsource_CONFIRM
- https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0 x_refsource_MISC
Affected products
Tautulli
- < 2.17.0
Matching in nixpkgs
Ignored packages (5)
- pkgs.python312Packages.pytautulli: Python module to get information from Tautulli
- pkgs.python313Packages.pytautulli: Python module to get information from Tautulli
- pkgs.python314Packages.pytautulli: Python module to get information from Tautulli
- pkgs.home-assistant-component-tests.tautulli: Open source home automation that puts local control and privacy first
- pkgs.tests.home-assistant-component-tests.tautulli: Open source home automation that puts local control and privacy first
Package maintainers
- @rhoriguchi Ryan Horiguchi <ryan.horiguchi@gmail.com>