Nim Security Vulnerabilities and Issues — Nim CVE List

Lucene search

Nim-langNim

3 matches found

CVE•added 2021/03/26 10:15 p.m.•168 views

CVE-2021-21373

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker ab...

7.5CVSS7.2AI score0.0019EPSS

CVE•added 2020/08/14 7:15 p.m.•51 views

CVE-2020-15694

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.

7.5CVSS7.8AI score0.01086EPSS

CVE•added 2021/05/07 4:15 p.m.•44 views

CVE-2021-29495

Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.

7.5CVSS6.4AI score0.00155EPSS