Nixpkgs Security Tracker

Permalink CVE-2025-39436

9.1 CRITICAL

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): CHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 6 months ago

WordPress I Draw <= 1.0 - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw allows Using Malicious Files. This issue affects I Draw: from n/a through 1.0.

References

https://patchstack.com/database/wordpress/plugin/idraw/vulnerability/wordpress-… vdb-entry

Affected products

idraw

=<1.0

Matching in nixpkgs

pkgs.rapidraw

Blazingly-fast, non-destructive, and GPU-accelerated RAW image editor built with performance in mind

nixos-unstable -
- nixpkgs-unstable 1.3.2

pkgs.kanjidraw

Handwritten kanji recognition

nixos-unstable -
- nixpkgs-unstable 0.2.3

pkgs.jitsi-excalidraw

Excalidraw collaboration backend for Jitsi

nixos-unstable -
- nixpkgs-unstable 21

pkgs.excalidraw_export

CLI to export Excalidraw drawings to SVG and PDF

nixos-unstable -
- nixpkgs-unstable 1.1.0

Package maintainers

@venikx Kevin De Baerdemaeker <code@venikx.com>
@camillemndn Camille M. <camillemondon@free.fr>
@obfusk FC Stegerman <flx@obfusk.net>
@taciturnaxolotl Kieran Klukas <me@dunkirk.sh>

Suggestions search