CVE-2024-51481

🗓️ 31 Oct 2024 16:10:22Reported by GitHub_MType

Nix package manager allows unauthorized access outside macOS sandbox in versions 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.1

Reporter	Title	Published	Views	Family All 11
AlpineLinux	CVE-2024-51481	31 Oct 202417:15	–	alpinelinux
Circl	CVE-2024-51481	31 Oct 202419:27	–	circl
CNNVD	Nix 安全漏洞	31 Oct 202400:00	–	cnnvd
Cvelist	CVE-2024-51481 Nix allows macOS sandbox escape via built-in builders	31 Oct 202416:10	–	cvelist
Debian CVE	CVE-2024-51481	31 Oct 202416:10	–	debiancve
EUVD	EUVD-2024-45355	3 Oct 202520:07	–	euvd
NVD	CVE-2024-51481	31 Oct 202417:15	–	nvd
OSV	CVE-2024-51481 Nix allows macOS sandbox escape via built-in builders	31 Oct 202416:10	–	osv
Positive Technologies	PT-2024-34646 · Nix · Nix	31 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-51481	23 May 202508:05	–	redhatcve

Vulners

Node

nixos nixRange<2.18.9

nixos nixRange2.20.0–2.20.9

nixos nixRange2.21.0–2.21.5

nixos nixRange2.22.0–2.22.4

nixos nixRange2.23.0–2.23.4

nixos nixRange2.24.0–2.24.10

[
  {
    "vendor": "NixOS",
    "product": "nix",
    "versions": [
      {
        "version": "< 2.18.9",
        "status": "affected"
      },
      {
        "version": ">= 2.19.0, < 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, 2.24.10",
        "status": "affected"
      },
      {
        "version": ">= 2.20.0, < 2.20.9",
        "status": "affected"
      },
      {
        "version": ">= 2.21.0, < 2.21.5",
        "status": "affected"
      },
      {
        "version": ">= 2.22.0, < 2.22.4",
        "status": "affected"
      },
      {
        "version": ">= 2.23.0, < 2.23.4",
        "status": "affected"
      },
      {
        "version": ">= 2.24.0, < 2.24.10",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/NixOS/nix/commit/597fcc98e18e3178734d06a9e7306250e8cb8d74
github	www.github.com/NixOS/nix/security/advisories/GHSA-wf4c-57rh-9pjg

15 Apr 2026 00:35Current

6.3Medium risk

Vulners AI Score6.3

CVSS 41

EPSS0.00079

SSVC

CWE-693