CVE-2024-51481

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-51481
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51481.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-51481
Aliases
  • GHSA-wf4c-57rh-9pjg
Published
2024-10-31T16:10:22.398Z
Modified
2025-12-05T07:18:46.520884Z
Severity
  • 1.0 (Low) CVSS_V4 - CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N CVSS Calculator
Summary
Nix allows macOS sandbox escape via built-in builders
Details

Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as builtin:fetchurl, exposed to users with import <nix/fetchurl.nix>) were not executed in the macOS sandbox. Thus, these builders (which are running under the nixbld* users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. However, sandboxing can mitigate the impact of other security issues by limiting what parts of the host system a build has access to.

Database specific 
{
    "cwe_ids": [
        "CWE-693"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/51xxx/CVE-2024-51481.json"
}
References

Affected packages

Git / github.com/nixos/nix

Affected ranges

Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0f665ff6779454f2117dcc32e44380cda7f45523
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.18.9"
        }
    ]
}
Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
16e1ff3bcb5e785cce6bff8d0745e2a73fbd99de
Fixed
d9775222fbfa7e5d8ce1f722ea2968ff840324b4
Database specific 
{
    "versions": [
        {
            "introduced": "2.20.0"
        },
        {
            "fixed": "2.20.9"
        }
    ]
}
Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
34807c8906a61219ec2e9132c9cf0bd4d29e1d12
Fixed
3824dfde1a42d0ecea4174dbcc4059d889a57f14
Database specific 
{
    "versions": [
        {
            "introduced": "2.21.0"
        },
        {
            "fixed": "2.21.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
5fd799cfa70d22a625bc706a599b6244f654718d
Fixed
750db54bfc0fe1c4ae20af98f537c8607e25368c
Database specific 
{
    "versions": [
        {
            "introduced": "2.22.0"
        },
        {
            "fixed": "2.22.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
ba36959311e09bd798f7029c41e108d9d77c9ac0
Fixed
d01638028ac60645ffeb721340fd25ac8f8269bc
Database specific 
{
    "versions": [
        {
            "introduced": "2.23.0"
        },
        {
            "fixed": "2.23.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/nixos/nix
Events
Introduced
206e32e2d7c72c940a4348648f5de46122c495c9
Fixed
597fcc98e18e3178734d06a9e7306250e8cb8d74
Database specific 
{
    "versions": [
        {
            "introduced": "2.24.0"
        },
        {
            "fixed": "2.24.10"
        }
    ]
}

Affected versions

1.*
1.0
1.1
1.10
1.11
1.11.1
1.2
1.3
1.4
1.5
1.5.1
1.5.2
1.5.3
1.6
1.6.1
1.7
1.8
1.9
2.*
2.0
2.18.0
2.18.1
2.18.2
2.18.3
2.18.4
2.18.5
2.18.6
2.18.7
2.18.8
2.2
2.20.0
2.20.1
2.20.2
2.20.3
2.20.4
2.20.5
2.20.6
2.20.7
2.20.8
2.21.0
2.21.1
2.21.2
2.21.3
2.21.4
2.22.0
2.22.1
2.22.2
2.22.3
2.23.0
2.23.1
2.23.2
2.23.3
2.24.0
2.24.1
2.24.2
2.24.3
2.24.4
2.24.5
2.24.6
2.24.7
2.24.8
2.24.9

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-51481.json"