Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nim's rst parser sandboxed mode allows include which can embed any local file
Vulnerability Description
Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum's post "preview" endpoint. Even if NimForum is running as a non-critical user, the forum.json secrets can be stolen. Version 2.2.0 of NimForum includes patches for this vulnerability. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
Nimforum 路径遍历漏洞
Vulnerability Description
Nimforum是一个轻量级的论坛实现,与 Discourse 有许多相似之处。它以Nim编程语言实现,并使用 SQLite 作为其数据库。 Nimforum 存在路径遍历漏洞,该漏洞源于任何论坛用户都可以创建一个包含引用主机操作系统本地文件的帖子从而Nimforum将渲染文件。
CVSS Information
N/A
Vulnerability Type
N/A