Lucene search
Veracode Vulnerability DatabaseVERACODE:30086HistoryApr 21, 2021 - 6:12 p.m.
Man-In-The-Middle Attack
2021-04-2118:12:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.002 Low
EPSS
Percentile
53.3%
Nim is vulnerable to man-in-the-middle attack. The vulnerability exists when during ‘nimble refresh’, the system fetches a list of Nimble packages over HTTPS without verifying the SSL/TLS certificate, allowing an attacker to perform man-in-the-middle attack by delivering a modified malicious package instead.
References
consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/
github.com/nim-lang/Nim/pull/16940
github.com/nim-lang/nimble/blob/master/changelog.markdown#0130
github.com/nim-lang/security/security/advisories/GHSA-c2wm-v66h-xhxx
security-tracker.debian.org/tracker/CVE-2021-21374
Related
nvd
nvd
CVE-2021-21374
2021-03-26 22:15:12
ubuntucve
ubuntucve
CVE-2021-21374
2021-03-26 00:00:00
debiancve
debiancve
CVE-2021-21374
2021-03-26 22:15:12
cvelist
cvelist
prion
prion
Remote code execution
2021-03-26 22:15:00
cve
cve
CVE-2021-21374
2021-03-26 22:15:12
osv
osv
CVE-2021-21374
2021-03-26 22:15:12
nessus
nessus
openSUSE Security Update : nim (openSUSE-2021-618)
2021-05-18 00:00:00
openSUSE 15 Security Update : nim (openSUSE-SU-2022:10101-1)
2022-08-28 00:00:00
archlinux
archlinux
[ASA-202104-6] nimble: multiple issues
2021-04-29 00:00:00
suse
suse
Security update for nim (moderate)
2021-04-26 00:00:00
Security update for nim (moderate)
2021-04-29 00:00:00
Security update for nim (important)
2022-08-27 00:00:00
openvas
openvas
openSUSE: Security Advisory for nim (openSUSE-SU-2021:0618-1)
2021-04-27 00:00:00
openSUSE: Security Advisory for nim (openSUSE-SU-2022:10101-1)
2024-03-04 00:00:00