Nixpkgs Security Tracker

Permalink CVE-2026-1616

7.5 HIGH

CVSS version: 3.1
Attack vector (AV): NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

created 1 month, 3 weeks ago

osim: Path Traversal via query parameters in Nginx configuration

The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.

References

https://github.com/RedHatProductSecurity/osim/pull/615

Affected products

osim

<v2025.9.0

Matching in nixpkgs

pkgs.gosimports

Simpler goimports

nixos-unstable 0.3.8
- nixpkgs-unstable 0.3.8
- nixos-unstable-small 0.3.8

pkgs.pyrosimple

RTorrent client

nixos-unstable 2.14.2
- nixpkgs-unstable 2.14.2
- nixos-unstable-small 2.14.2

Package maintainers

@maolonglong Shaolong Chen <shaolong.chen@outlook.it>
@vamega Varun Madiath <github@madiathv.com>