CRITICAL🇬🇧 English

CVE-2020-15692

CVSS 9.8v3.1pub. 2020-08-14upd. 2024-11-21

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Nim Lang Nim

    APP
    Nim-Lang
    ≤ 1.2.6
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-15690CRITICAL9.8ten sam produkt

In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newlin...

CVE-2021-21373HIGH7.5ten sam produkt

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 a...

CVE-2021-21372HIGH8.3ten sam produkt

Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 an...

CVE-2021-21374HIGH8.1ten sam produkt

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 a...

CVE-2020-15694HIGH7.5ten sam produkt

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, htt...