
Nimble arbitrary code execution for specially crafted package metadata

High
FedericoCeratto published GHSA-rg9f-w24h-962p Mar 26, 2021

Package

Nimble (Nim)

Affected versions

< 1.4.4 (Nim release version)

Patched versions

1.2.10 and 1.4.4

Description

Impact

doCmd is used in different places and can be leveraged to execute arbitrary commands.
An attacker can craft a malicious entry in the packages.json package list to trigger code execution.

Workarounds

The official Nimble packages list at https://github.com/nim-lang/packages is manually reviewed.
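A package list can also be screened mechanically before it is trusted. The following is an added example, not part of the advisory or of Nimble's code. The field names (name, alias, url, method) follow the public packages.json format; the allowlists and the choice of fields to check are assumptions made for this example.

```python
import json
import re
from urllib.parse import urlsplit

# Assumption (not from the advisory): these fields can reach a VCS command line.
ALLOWED_METHODS = ("git", "hg")
ALLOWED_SCHEMES = ("https", "http", "git", "ssh")
SAFE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_]*")   # deliberately strict
SAFE_URL = re.compile(r"[A-Za-z0-9._~:/@%+=-]+")   # no shell metacharacters

def is_safe(pattern, value):
    return isinstance(value, str) and pattern.fullmatch(value) is not None

def audit_entry(entry):
    """Return the reasons to reject one package-list entry (empty list = clean)."""
    problems = []
    if not is_safe(SAFE_NAME, entry.get("name")):
        problems.append("name is not a plain identifier")
    if "alias" in entry:  # alias entries carry no url/method of their own
        if not is_safe(SAFE_NAME, entry["alias"]):
            problems.append("alias is not a plain identifier")
        return problems
    if entry.get("method") not in ALLOWED_METHODS:
        problems.append("method is not git or hg")
    url = entry.get("url")
    if not is_safe(SAFE_URL, url):
        problems.append("url has characters outside the allowlist")
    elif url.startswith("-"):
        problems.append("url would be read as a command-line option")
    elif urlsplit(url).scheme not in ALLOWED_SCHEMES:
        problems.append("url scheme is not allowed")
    return problems

def audit_package_list(text):
    """Map entry index -> problems for every flagged entry in a packages.json text."""
    flagged = {}
    for index, entry in enumerate(json.loads(text)):
        problems = audit_entry(entry) if isinstance(entry, dict) else ["not an object"]
        if problems:
            flagged[index] = problems
    return flagged

# Constructed sample list (not taken from any real package index).
SAMPLE = json.dumps([
    {"name": "goodpkg", "url": "https://example.invalid/goodpkg", "method": "git"},
    {"name": "badurl", "url": "https://example.invalid/x;id", "method": "git"},
    {"name": "optlike", "url": "--option=value", "method": "git"},
    {"name": "badmethod", "url": "https://example.invalid/y", "method": "git;id"},
])
```

Calling audit_package_list(SAMPLE) returns the index and reasons for each rejected entry; an empty result means every entry passed the allowlists.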

References

https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/

Severity

High 8.4 / 10

CVSS base metrics

Attack vector: Network
Attack complexity: High
Privileges required: None
User interaction: Required
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

CVE ID

CVE-2021-21372
