HIGH🇬🇧 English

CVE-2021-21372

CVSS 8.3v3.1pub. 2021-03-26upd. 2024-11-21

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Nim Lang Nim

    APP
    Nim-Lang
    < 1.2.101.4.0 – 1.4.4 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
RCECommand Injection
CWE
Referencje

Powiązane podatności

CVE-2020-15690CRITICAL9.8ten sam produkt

In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newlin...

CVE-2020-15692CRITICAL9.8ten sam produkt

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This a...

CVE-2021-21373HIGH7.5ten sam produkt

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 a...

CVE-2021-21374HIGH8.1ten sam produkt

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 a...

CVE-2020-15694HIGH7.5ten sam produkt

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, htt...