Unrated severity · NVD Advisory · Published May 7, 2021 · Updated Aug 3, 2024
Nim stdlib httpClient does not validate peer certificates by default
CVE-2021-29495
Description
Nim is a statically typed compiled systems programming language. In the Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.
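The workaround from the description, as an added example (not code from the advisory or the Nim project): the client is given an explicit SSL context with `verifyMode = CVerifyPeer` instead of relying on the library default. The proc names and the URL are assumptions made for illustration; SSL support must be compiled in with `-d:ssl`.

```nim
# Added example. Build with: nim c -d:ssl verify_client.nim
import std/[httpclient, net]

proc newVerifyingClient(): HttpClient =
  ## Hypothetical helper: build a client that validates the peer
  ## certificate regardless of the standard library's default
  ## (verification was off by default before Nim 1.4.2).
  let ctx = newContext(verifyMode = CVerifyPeer)
  result = newHttpClient(sslContext = ctx)

proc fetchVerified(url: string): string =
  ## Hypothetical helper: return the response body. A TLS or
  ## certificate failure propagates to the caller as an exception.
  let client = newVerifyingClient()
  try:
    result = client.getContent(url)
  finally:
    client.close()

when isMainModule:
  const url = "https://example.com/"  # placeholder URL (assumption)
  try:
    echo fetchVerified(url).len, " bytes received over a verified connection"
  except SslError as e:
    # Treat a verification failure as a hard error; do not fall back
    # to an unverified context.
    quit("certificate verification failed: " & e.msg, QuitFailure)
```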
Affected products
- osv-coords (5 versions):
  - pkg:rpm/opensuse/nim&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/nim&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/nim&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/nim&distro=SUSE%20Package%20Hub%2015%20SP3
  - pkg:rpm/suse/nim&distro=SUSE%20Package%20Hub%2015%20SP4
- (no CPE) range: < 1.6.6-bp153.2.3.1
- (no CPE) range: < 1.6.6-bp154.2.3.1
- (no CPE) range: < 1.6.6-3.1
- (no CPE) range: < 1.6.6-bp153.2.3.1
- (no CPE) range: < 1.6.6-bp154.2.3.1
- nim-lang/security (v5) range: < 1.4.2
References
- github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr (mitre, x_refsource_CONFIRM)