2 matches found
CVE-2022-23602 Nim's rst parser sandboxed mode allows include which can embed any local file
Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum'...
CVE-2022-23602
CVE-2022-23602 affects Nimforum prior to 2.2.0. A user can create a thread/post with an include pointing to a local file, causing Nimforum to render the file; this can also be triggered via the post preview endpoint. Consequence includes exposure of sensitive data such as forum.json secrets. Vers...