AVG-2275 log
| Package | nim |
| Status | Vulnerable |
| Severity | High |
| Type | multiple issues |
| Affected | 1.4.8-1 |
| Fixed | Unknown |
| Current | 2.0.8-1 [extra] |
| Ticket | Create |
| Created | Tue Aug 10 16:30:29 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-41259 | Low | Yes | Insufficient validation | In Nim, the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI... |
| CVE-2020-23171 | High | Yes | Directory traversal | A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash... |