Lucene search
GoogleOSV:CVE-2021-21374HistoryMar 26, 2021 - 10:15 p.m.
CVE-2021-21374
2021-03-2622:15:12
Google
osv.dev
4
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, “nimble refresh” fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.
Related
veracode
veracode
Man-In-The-Middle Attack
2021-04-21 18:12:45
nvd
nvd
CVE-2021-21374
2021-03-26 22:15:12
cve
cve
CVE-2021-21374
2021-03-26 22:15:12
prion
prion
Remote code execution
2021-03-26 22:15:00
cvelist
cvelist
ubuntucve
ubuntucve
CVE-2021-21374
2021-03-26 00:00:00
debiancve
debiancve
CVE-2021-21374
2021-03-26 22:15:12
nessus
nessus
openSUSE Security Update : nim (openSUSE-2021-618)
2021-05-18 00:00:00
openSUSE 15 Security Update : nim (openSUSE-SU-2022:10101-1)
2022-08-28 00:00:00
archlinux
archlinux
[ASA-202104-6] nimble: multiple issues
2021-04-29 00:00:00
suse
suse
Security update for nim (moderate)
2021-04-26 00:00:00
Security update for nim (moderate)
2021-04-29 00:00:00
Security update for nim (important)
2022-08-24 00:00:00
openvas
openvas
openSUSE: Security Advisory for nim (openSUSE-SU-2021:0618-1)
2021-04-27 00:00:00
openSUSE: Security Advisory for nim (openSUSE-SU-2022:10101-1)
2024-03-04 00:00:00