CVE-2021-21372

Source
Severity High
Remote Yes
Type Arbitrary command execution
Description
In Nimble before version 0.13.0, doCmd can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
Group     Package  Affected    Fixed       Severity  Status  Ticket
AVG-1842  nimble   1:0.12.0-1  1:0.13.1-1  High      Fixed
Date         Advisory      Group     Package  Severity  Type
29 Apr 2021  ASA-202104-6  AVG-1842  nimble   High      multiple issues
References
https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
https://github.com/nim-lang/nimble/commit/7bd63d504a4157b8ed61a51af47fb086ee818c37