nimble

Description Unknown
Version Removed

Resolved

| Group | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|
| AVG-1842 | 1:0.12.0-1 | 1:0.13.1-1 | High | Fixed | |

| Issue | Group | Severity | Remote | Type | Description |
|---|---|---|---|---|---|
| CVE-2021-21374 | AVG-1842 | High | Yes | Man-in-the-middle | In Nimble before version 0.13.0, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to... |
| CVE-2021-21373 | AVG-1842 | High | Yes | Man-in-the-middle | In Nimble before version 0.13.0, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL... |
| CVE-2021-21372 | AVG-1842 | High | Yes | Arbitrary command execution | In Nimble before version 0.13.0, doCmd can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package... |

Advisories

| Date | Advisory | Group | Severity | Type |
|---|---|---|---|---|
| 29 Apr 2021 | ASA-202104-6 | AVG-1842 | High | multiple issues |