Description
Nimble is a package manager for the Nim programming language. In Nim releases before versions 1.2.10 and 1.4.4, Nimble's doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
References
- https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ (Exploit, Third Party Advisory)
- Release Notes, Third Party Advisory
- Patch, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
One of
EPSS
8.3 High
CVSS3
8.8 High
CVSS3
6.8 Medium
CVSS2
Weaknesses
Related vulnerabilities