Nim Security Vulnerabilities and Issues — Nim CVE List

Lucene search

Nim-langNim

3 matches found

CVE•added 2021/03/26 10:15 p.m.•189 views

CVE-2021-21374

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to pe...

8.1CVSS8.4AI score0.00274EPSS

CVE•added 2021/03/26 10:15 p.m.•175 views

CVE-2021-21372

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger co...

8.8CVSS8.8AI score0.01119EPSS

CVE•added 2021/03/26 10:15 p.m.•167 views

CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker ab...

7.5CVSS7.2AI score0.0016EPSS