Description
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
References
- Exploit, Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
- Patch, Third Party Advisory
- Release Notes, Third Party Advisory
Vulnerable configurations
EPSS
CVSS3: 7.5 High
CVSS2: 5 Medium
Defects
Related vulnerabilities