CVE-2024-36050

Published May 18th, 2024

View on NVD ↗

CVSS v3

4.3

MEDIUM

CVSS v2

N/A

Affected

PROJECTS

Description

Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.

NixOS/nix

Nix, the purely functional package manager

GitHub

17K

NixOS/ofborg

@ofborg tooling automation https://monitoring.ofborg.org/dashboard/db/ofborg

GitHub

315