Nim Security Vulnerabilities and Issues — Nim CVE List

Lucene search

Nim-langNim

3 matches found

CVE•added 2020/08/14 7:15 p.m.•65 views

CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system command...

10CVSS9.3AI score0.01048EPSS

CVE•added 2020/08/14 7:15 p.m.•60 views

CVE-2020-15693

In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or value...

6.5CVSS6.6AI score0.00891EPSS

CVE•added 2020/08/14 7:15 p.m.•50 views

CVE-2020-15694

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.

7.5CVSS7.8AI score0.00664EPSS