CVE-2024-36050 Information

Description

Nix through 2.22.1 mishandles certain usage of hash caches which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.

Reference

https://github.com/NixOS/nix/issues/969 https://github.com/NixOS/ofborg/issues/68#issuecomment-2082789441