Lucene search

GoogleOSV:CVE-2021-46872

HistoryJan 13, 2023 - 6:15 a.m.

CVE-2021-46872

2023-01-1306:15:10

Google

osv.dev

nim

rst module

javascript uri

xss

nimforum

security issue

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.4%

JSON

An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)

CPENameOperatorVersion
nimeq1.0.0
nimeq0.10.2
nimeq2.0.0
nimeq0.17.0
nimeq2.1.0
nimeq2.0.1
nimeq0.12.0
nimeq0.19.0
nimeq0.18.0
nimeq0.9.2

Name	Operator	Version
nim	eq	1.0.0
nim	eq	0.10.2
nim	eq	2.0.0
nim	eq	0.17.0
nim	eq	2.1.0
nim	eq	2.0.1
nim	eq	0.12.0
nim	eq	0.19.0
nim	eq	0.18.0
nim	eq	0.9.2

Rows per page:

1-10 of 251

References

forum.nim-lang.org/t/8852

github.com/nim-lang/Nim/commit/46275126b89218e64844eee169e8ced05dd0e2d7

github.com/nim-lang/Nim/compare/v1.6.0...v1.6.2

github.com/nim-lang/Nim/pull/19134

github.com/nim-lang/nimforum

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for OSV:CVE-2021-46872