Federico Ceratto

**Name of the Vulnerable Software and Affected Versions** Nim versions prior to 1.2.10 Nim versions prior to 1.4.4 **Description** The issue concerns Nimble, a package manager for the Nim programming language. In affected versions, Nimble's doCmd can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the `packages.json` package list to trigger code execution. **Recommendations** For versions prior to 1.2.10, update to version 1.2.10 or later. For versions prior to 1.4.4, update to version 1.4.4 or later.

**Name of the Vulnerable Software and Affected Versions** SRT versions through 1.3.4 **Description** The issue is related to an array overflow in the CSndUList, which occurs when there are multiple SRT connections. **Recommendations** For versions through 1.3.4, consider limiting the number of SRT connections to prevent the array overflow until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Nim versions prior to 1.4.2 **Description** The issue is related to the Nim standard library, where SSL/TLS certificate verification for the httpClient is disabled by default. This could potentially allow a remote attacker to impact data integrity. **Recommendations** For versions prior to 1.4.2, upgrade to version 1.4.2 to receive a patch. As a temporary workaround, set `verifyMode = CVerifyPeer` as documented.