CVE-2024-45845 - Vulnerability Details

DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

References

No reference.

History

Thu, 12 Sep 2024 21:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-22
CPEs	cpe:2.3:a:nix:nix::::::::
Vendors & Products	Nix Nix nix
Metrics	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 12 Sep 2024 20:30:00 +0000

Type	Values Removed	Values Added
References	https://github.com/NixOS/nix/tags https://news.ycombinator.com/item?id=41492994 https://puckipedia.com/7hkj-98sq/qixt

Thu, 12 Sep 2024 20:15:00 +0000

Type	Values Removed	Values Added
Description	nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493.	DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2024-45593. Reason: This record is a reservation duplicate of CVE-2024-45593. Notes: All CVE users should reference CVE-2024-45593 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

Tue, 10 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Nix Nix nix
Weaknesses		CWE-22
CPEs		cpe:2.3:a:nix:nix::::::::
Vendors & Products		Nix Nix nix
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 10 Sep 2024 11:15:00 +0000

Type	Values Removed	Values Added
Description		nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of mishandling of a directory containing a symlink and a directory of the same name, aka GHSA-h4vv-h3jq-v493.
References		https://github.com/NixOS/nix/tags https://news.ycombinator.com/item?id=41492994 https://puckipedia.com/7hkj-98sq/qixt

MITRE

Status: REJECTED

Assigner: mitre

Published: 2024-09-10T00:00:00

Updated: 2024-09-12T20:07:13.149489

Reserved: 2024-09-10T00:00:00

Link: CVE-2024-45845

Vulnrichment

Updated:

NVD

Status : Rejected

Published: 2024-09-10T11:15:10.660

Modified: 2024-09-12T20:15:05.273

Link: CVE-2024-45845

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object