Security Advisory

CVE-2021-21372

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-26 21:20:15

Last updated 2024-08-03 18:09:15

Assigner GitHub_M

State PUBLISHED

Description

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.

← Browse all CVEs View on cve.org ↗