nim

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Imperative, multi-paradigm, compiled programming language
Version	2.0.2-1 [extra]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2275	1.4.8-1		High	Vulnerable

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41259	AVG-2275	Low	Yes	Insufficient validation	In Nim, the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI...
CVE-2020-23171	AVG-2275	High	Yes	Directory traversal	A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash...

Issue

Group

Severity

Remote

Type

Description

CVE-2021-41259

AVG-2275

Low

Yes

Insufficient validation

In Nim, the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI...

CVE-2020-23171

AVG-2275

High

Yes

Directory traversal

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash...