Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses

Filter by:

With package: ddev

Found 1 matching suggestions

View:

Compact

Detailed

Published

Permalink CVE-2026-32885

6.5 MEDIUM

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE

updated 6 days, 11 hours ago by @LeSuisse Activity log

Created suggestion 6 days, 17 hours ago
@LeSuisse ignored
5 packages
- vdrPlugins.softhddevice
- python312Packages.sounddevice
- python313Packages.sounddevice
- python314Packages.sounddevice
- haskellPackages.gogol-androiddeviceprovisioning
6 days, 11 hours ago
@LeSuisse accepted 6 days, 11 hours ago
@LeSuisse published on GitHub 6 days, 11 hours ago

DDEV has ZipSlip path traversal in tar and zip archive extraction

DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/archive/archive.go`. Downloads and extracts archives from remote sources without path validation. Version 1.25.2 patches the issue.

References

https://github.com/ddev/ddev/security/advisories/GHSA-x2xq-qhjf-5mvg exploitx_refsource_CONFIRM

Ignored references (1)

https://github.com/ddev/ddev/releases/tag/v1.25.2 x_refsource_MISC

Affected products

ddev

==< 1.25.2

Matching in nixpkgs

pkgs.ddev

Docker-based local PHP+Node.js web development environments

nixos-unstable 1.25.1
- nixpkgs-unstable 1.25.1
- nixos-unstable-small 1.25.1
nixos-25.11 1.24.10
- nixos-25.11-small 1.24.10
- nixpkgs-25.11-darwin 1.24.10

Ignored packages (5)

pkgs.vdrPlugins.softhddevice

VDR SoftHDDevice Plug-in

nixos-unstable 2.4.8
- nixpkgs-unstable 2.4.8
- nixos-unstable-small 2.4.8
nixos-25.11 2.4.6
- nixos-25.11-small 2.4.6
- nixpkgs-25.11-darwin 2.4.6

pkgs.python312Packages.sounddevice

Play and Record Sound with Python

nixos-25.11 0.5.2
- nixos-25.11-small 0.5.2
- nixpkgs-25.11-darwin 0.5.2

pkgs.python313Packages.sounddevice

Play and Record Sound with Python

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3
nixos-25.11 0.5.2
- nixos-25.11-small 0.5.2
- nixpkgs-25.11-darwin 0.5.2

pkgs.python314Packages.sounddevice

Play and Record Sound with Python

nixos-unstable 0.5.3
- nixpkgs-unstable 0.5.3
- nixos-unstable-small 0.5.3

pkgs.haskellPackages.gogol-androiddeviceprovisioning

Google Android Device Provisioning Partner SDK

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

Package maintainers

@remyvv Remy van Velthuijsen <remy@remysplace.de>

1