Filtered by vendor Nim-lang
Subscribe
Search
Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23171 | 1 Nim-lang | 1 Nim-lang | 2021-08-17 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file. | |||||
| CVE-2021-21373 | 1 Nim-lang | 1 Nim | 2021-03-31 | 4.3 MEDIUM | 5.9 MEDIUM |
| Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. | |||||
| CVE-2020-15693 | 1 Nim-lang | 1 Nim | 2021-02-08 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values. | |||||