Nixpkgs security tracker

Login with GitHub

Suggestions search

All statuses
Filter by:
With package: trino-cli

Found 1 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-34214
7.7 HIGH
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): CHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
updated 1 week ago by @LeSuisse Activity log
  • Created automatic suggestion 1 week ago
  • @LeSuisse removed package python312Packages.trino-python-client 1 week ago
  • @LeSuisse removed package python313Packages.trino-python-client 1 week ago
  • @LeSuisse removed package python314Packages.trino-python-client 1 week ago
  • @LeSuisse accepted 1 week ago
  • @LeSuisse published on GitHub 1 week ago
Trino: Iceberg REST catalog static and vended credentials are accessible via query JSON

Trino is a distributed SQL query engine for big data analytics. From version 439 to before version 480, Iceberg connector REST catalog static credentials (access key) or vended credentials (temporary access key) are accessible to users that have write privilege on SQL level. This issue has been patched in version 480.

Affected products

trino
  • ==>= 439, < 480

Matching in nixpkgs

pkgs.trino-cli

Trino CLI provides a terminal-based, interactive shell for running queries

  • nixos-unstable 476
    • nixpkgs-unstable 476
    • nixos-unstable-small 476
  • nixos-25.11 476
    • nixos-25.11-small 476
    • nixpkgs-25.11-darwin 476

Package maintainers

Advisory: https://github.com/trinodb/trino/security/advisories/GHSA-x27p-5f68-m644