Количество 7
Количество 7
CVE-2021-21374
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.
CVE-2021-21374
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.
CVE-2021-21374
Nimble is a package manager for the Nim programming language. In Nim r ...
BDU:2024-04383
Уязвимость функции nimble refresh менеджера пакетов Nimble языка программирования Nim, позволяющая нарушителю реализовать атаку типа «человек посередине» или выполнить произвольный код
openSUSE-SU-2021:0618-1
Security update for nim
openSUSE-SU-2022:10101-1
Security update for nim
openSUSE-SU-2022:10095-1
Security update for nim
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-21374 Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. | CVSS3: 8.1 | 0% Низкий | почти 5 лет назад |
 | CVE-2021-21374 Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution. | CVSS3: 8.1 | 0% Низкий | почти 5 лет назад |
| CVE-2021-21374 Nimble is a package manager for the Nim programming language. In Nim r ... | CVSS3: 8.1 | 0% Низкий | почти 5 лет назад |
 | BDU:2024-04383 Уязвимость функции nimble refresh менеджера пакетов Nimble языка программирования Nim, позволяющая нарушителю реализовать атаку типа «человек посередине» или выполнить произвольный код | CVSS3: 8.1 | 0% Низкий | около 5 лет назад |
 | openSUSE-SU-2021:0618-1 Security update for nim | почти 5 лет назад | ||
| openSUSE-SU-2022:10101-1 Security update for nim | больше 3 лет назад | ||
| openSUSE-SU-2022:10095-1 Security update for nim | больше 3 лет назад |
Уязвимостей на страницу