CVE-2024-45845 Information

Description

nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file because of mishandling of a directory containing a symlink and a directory of the same name aka GHSA-h4vv-h3jq-v493.

Reference

https://puckipedia.com/7hkj-98sq/qixt https://github.com/NixOS/nix/tags https://news.ycombinator.com/item?id=41492994