VYPR

Nim

by nim-lang

CVEs (2)

  • CVE-2020-15694, High, Aug 14, 2020
    risk 0.49, cvss 7.5, epss 0.02

    In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.

  • CVE-2021-29495, Medium, May 7, 2021
    risk 0.38, cvss 5.9, epss 0.00

    Nim is a statically typed compiled systems programming language. In the Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer"…