Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-22050

created 4 months, 3 weeks ago

Iodine Static File Server Path Traversal Vulnerability

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

Affected products

iodine

<0.7.33

Matching in nixpkgs

pkgs.iodine

Tool to tunnel IPv4 data through a DNS server

nixos-unstable -
- nixpkgs-unstable 0.8.0

pkgs.networkmanager-iodine

NetworkManager's iodine plugin

nixos-unstable -
- nixpkgs-unstable 1.2.0-unstable-2025-09-06

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@obadz obadz <obadz-nixos@obadz.com>

Suggestions search

Affected products

Matching in nixpkgs

pkgs.iodine

pkgs.networkmanager-iodine

Package maintainers