NIXPKGS-2026-0857

GitHub issue published 2 months, 3 weeks ago

Permalink CVE-2026-31831

updated 2 months, 3 weeks ago by @mweinelt Activity log

Created suggestion 2 months, 3 weeks ago
@mweinelt ignored
5 packages
- tests.home-assistant-component-tests.tautulli
- python312Packages.pytautulli
- python313Packages.pytautulli
- python314Packages.pytautulli
- home-assistant-component-tests.tautulli
2 months, 3 weeks ago
@mweinelt accepted 2 months, 3 weeks ago
@mweinelt published on GitHub 2 months, 3 weeks ago

Tautulli: Unauthenticated Path Traversal in `/newsletter/image/images` endpoint

Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0.

References

https://github.com/Tautulli/Tautulli/security/advisories/GHSA-xp55-2pf4-fv8m x_refsource_CONFIRM
https://github.com/Tautulli/Tautulli/releases/tag/v2.17.0 x_refsource_MISC

Affected products

Tautulli

==< 2.17.0

Matching in nixpkgs

pkgs.tautulli

Python based monitoring and tracking tool for Plex Media Server

nixos-unstable 2.16.1
- nixpkgs-unstable 2.16.1
- nixos-unstable-small 2.17.0

Ignored packages (5)

pkgs.python312Packages.pytautulli

None

pkgs.python313Packages.pytautulli

Python module to get information from Tautulli

nixos-unstable 23.1.1
- nixpkgs-unstable 23.1.1
- nixos-unstable-small 23.1.1

pkgs.python314Packages.pytautulli

Python module to get information from Tautulli

nixos-unstable 23.1.1
- nixpkgs-unstable 23.1.1
- nixos-unstable-small 23.1.1

pkgs.home-assistant-component-tests.tautulli

None

pkgs.tests.home-assistant-component-tests.tautulli

Open source home automation that puts local control and privacy first

nixos-unstable 2026.3.4
- nixpkgs-unstable 2026.3.4
- nixos-unstable-small 2026.3.4

Package maintainers

@rhoriguchi Ryan Horiguchi <ryan.horiguchi@gmail.com>

https://github.com/Tautulli/Tautulli/security/advisories/GHSA-xp55-2pf4-fv8m

Nixpkgs security tracker

Details of issue NIXPKGS-2026-0857