VYPR
Unrated severityNVD Advisory· Published Mar 26, 2021· Updated Aug 3, 2024

Nimble arbitrary code execution for specially crafted package metadata

CVE-2021-21372

Description

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

9

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.