| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary command execution |
|
| Description |
| + |
In Nimble before version 0.13.0, doCmd can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution. |
|
| References |
| + |
https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p |
| + |
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/ |
| + |
https://github.com/nim-lang/nimble/commit/7bd63d504a4157b8ed61a51af47fb086ee818c37 |
|
| Notes |
|