HIGH🇵🇱 Wersja polska

CVE-2021-21372

CVSS 8.3v3.1pub. 2021-03-26upd. 2024-11-21

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Nim Lang Nim

    APP
    Nim-Lang
    < 1.2.101.4.0 – 1.4.4 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCECommand Injection
CWE
References

Related vulnerabilities

CVE-2020-15690CRITICAL9.8ten sam produkt

In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newlin...

CVE-2020-15692CRITICAL9.8ten sam produkt

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This a...

CVE-2021-21373HIGH7.5ten sam produkt

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 a...

CVE-2021-21374HIGH8.1ten sam produkt

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 a...

CVE-2020-15694HIGH7.5ten sam produkt

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, htt...