Risk | High |
Patch available | YES |
Number of vulnerabilities | 3 |
CVE-ID | CVE-2021-21372 CVE-2021-21373 CVE-2021-21374 |
CWE-ID | CWE-94 CWE-319 CWE-295 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
nim Universal components / Libraries / Programming Languages & Components |
Vendor | nim-lang.org |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU52763
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21372
CWE-ID:
CWE-94 - Improper Control of Generation of Code ('Code Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Nimble doCmd when processing entries in the packages.json package. A remote attacker can create a specially crafted entry in the packages.json file, trick the victim into loading the malicious package file and execute arbitrary code on the system.
Install updates from vendor's website.
Vulnerable software versionsnim: 1.2.0 - 1.4.2
External linkshttp://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
http://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130
http://github.com/nim-lang/nimble/commit/7bd63d504a4157b8ed61a51af47fb086ee818c37
http://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52764
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21373
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to "nimble refresh" tries to fetch a list of Nimble packages over HTTP connection in case HTTPS connection fails. A remote attacker can perform MitM attack and deliver a modified package list containing malicious software packages
MitigationInstall updates from vendor's website.
Vulnerable software versionsnim: 1.2.0 - 1.4.2
External linkshttp://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
http://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130
http://github.com/nim-lang/security/security/advisories/GHSA-8w52-r35x-rgp8
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52765
Risk: High
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-21374
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to "nimble refresh" fetches a list of Nimble packages over HTTPS without full verification of the SSL/TLS certificate due to the default setting of httpClient. A remote attacker can perform MitM attack and deliver a modified package list containing malicious software packages
MitigationInstall updates from vendor's website.
Vulnerable software versionsnim: 1.2.0 - 1.4.2
External linkshttp://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
http://github.com/nim-lang/Nim/pull/16940
http://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130
http://github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.