Impact
doCmd is used in different places and can be leveraged to execute arbitrary commands.
An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
Workarounds
The official Nimble packages list at https://github.com/nim-lang/packages is manually reviewed.
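A reviewer of a package list can automate part of that check. The script below is an added example, not Nimble's or the advisory's code: it assumes the list is a JSON array of objects with `name`, `url` and `method` fields (or `name` and `alias`), and the character and scheme allowlists are a conservative policy chosen for illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Assumed policy: only these values may ever reach a command line.
ALLOWED_METHODS = {"git", "hg"}
ALLOWED_SCHEMES = {"https", "http", "git"}
SAFE_URL = re.compile(r"[A-Za-z0-9._~:/@%+-]+")   # no spaces, quotes, ; | & $ ` etc.
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*")

def check_entry(entry):
    """Return a list of problems for one package-list entry."""
    if not isinstance(entry, dict):
        return ["entry is not an object"]
    problems = []
    name = entry.get("name")
    if not isinstance(name, str) or not SAFE_NAME.fullmatch(name):
        problems.append("name has unexpected characters")
    if "alias" in entry:  # alias entries carry no url or method
        alias = entry["alias"]
        if not isinstance(alias, str) or not SAFE_NAME.fullmatch(alias):
            problems.append("alias has unexpected characters")
        return problems
    method = entry.get("method")
    if not isinstance(method, str) or method not in ALLOWED_METHODS:
        problems.append("method is not git or hg")
    url = entry.get("url")
    if not isinstance(url, str) or not SAFE_URL.fullmatch(url):
        problems.append("url has characters outside the allowlist")
    elif urlsplit(url).scheme not in ALLOWED_SCHEMES:
        problems.append("url scheme is not allowed")
    return problems

def audit(text):
    """Map package name (or index) to its problems; clean entries are omitted."""
    report = {}
    for i, entry in enumerate(json.loads(text)):
        problems = check_entry(entry)
        if problems:
            key = entry.get("name") if isinstance(entry, dict) else None
            report[key if isinstance(key, str) else f"#{i}"] = problems
    return report

# Constructed sample list (not real packages).
SAMPLE = json.dumps([
    {"name": "goodpkg", "url": "https://example.invalid/goodpkg.git", "method": "git"},
    {"name": "oldname", "alias": "goodpkg"},
    {"name": "badurl", "url": "https://example.invalid/x.git; echo constructed", "method": "git"},
    {"name": "badmethod", "url": "https://example.invalid/y.git", "method": "git && echo constructed"},
])
```

Run `audit()` over any third-party or mirrored package list before pointing Nimble at it; an empty result means no entry violated the allowlist, not that the packages themselves are trustworthy.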
References
https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/