Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-22050

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 6 months, 1 week ago

Iodine Static File Server Path Traversal Vulnerability

Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.

References

https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory x_transferred
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… x_transferred patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory x_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory x_transferred
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory x_transferred
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… x_transferred patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory x_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory x_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory
https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3 vendor-advisory x_transferred
https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c1775970594… x_transferred patch
https://github.com/advisories/GHSA-85rf-xh54-whp3 third-party-advisory x_transferred
https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3 third-party-advisory x_transferred

Affected products

iodine

<0.7.33

Matching in nixpkgs

pkgs.iodine

Tool to tunnel IPv4 data through a DNS server

nixos-unstable -
- nixpkgs-unstable 0.8.0

pkgs.networkmanager-iodine

NetworkManager's iodine plugin

nixos-unstable -
- nixpkgs-unstable 1.2.0-unstable-2025-09-06

Package maintainers

@jtojnar Jan Tojnar <jtojnar@gmail.com>
@obadz obadz <obadz-nixos@obadz.com>