Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nimble arbitrary code execution for specially crafted package metadata
Vulnerability Description
Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
输入验证不恰当
Vulnerability Title
Nimble 操作系统命令注入漏洞
Vulnerability Description
Nim是Nim社区的一种静态类型的编程语言。Nimble是开源的Nim编程语言的软件包管理器。 Nimble 1.2.10 版本和 1.4.4 版本存在操作系统命令注入漏洞,攻击者可利用该漏洞可以在包中创建一个恶意条目,执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A