rpm package
suse/nim&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/nim&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-21373 | — | < 1.2.12-bp152.4.3.1 | 1.2.12-bp152.4.3.1 | Mar 26, 2021 | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.j | ||
| CVE-2021-21374 | — | < 1.2.12-bp152.4.3.1 | 1.2.12-bp152.4.3.1 | Mar 26, 2021 | Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An | ||
| CVE-2021-21372 | — | < 1.2.12-bp152.4.3.1 | 1.2.12-bp152.4.3.1 | Mar 26, 2021 | Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package |
- CVE-2021-21373Mar 26, 2021affected < 1.2.12-bp152.4.3.1fixed 1.2.12-bp152.4.3.1
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.j
- CVE-2021-21374Mar 26, 2021affected < 1.2.12-bp152.4.3.1fixed 1.2.12-bp152.4.3.1
Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. An
- CVE-2021-21372Mar 26, 2021affected < 1.2.12-bp152.4.3.1fixed 1.2.12-bp152.4.3.1
Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package