PT-2020-14588 · Nim+1

Tintinweb · Published 2020-08-14 · Updated 2024-06-15 · CVE-2020-15693

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Nim version 1.2.4

Description

The standard library httpClient in Nim is susceptible to a CR-LF injection in the target URL. The injection is possible if an attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values.

Recommendations

For Nim version 1.2.4, consider restricting the use of the httpClient module until a patch is available, and avoid passing user-controlled input into the URL, the User-Agent header, or custom HTTP headers to minimize the risk of exploitation.
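
Where untrusted input cannot be kept out of these fields, one way to apply the recommendation is to validate every string before it reaches the client. The following is an added example, not code from the advisory or the Nim project; the helper names (`checkValue`, `checkHeaderName`, `safeClient`, `safeGet`) and the sample inputs are assumptions made for illustration.

```nim
# Added example: validate untrusted strings before they reach httpclient.
# checkValue, checkHeaderName, safeClient and safeGet are hypothetical helpers.
import std/[httpclient, strutils]

# Characters allowed in an HTTP header field name (RFC 7230 "token").
const TokenChars = Letters + Digits +
  {'!', '#', '$', '%', '&', '\'', '*', '+', '-', '.', '^', '_', '`', '|', '~'}

proc checkValue(label, value: string; allowSpace = true) =
  ## Reject CR, LF and every other ASCII control byte (stricter than HTTP,
  ## which permits TAB in header values); optionally reject spaces too.
  for i, c in value:
    if c < ' ' or c == '\x7f' or (c == ' ' and not allowSpace):
      raise newException(ValueError, label & ": forbidden byte 0x" &
        toHex(ord(c), 2) & " at offset " & $i)

proc checkHeaderName(name: string) =
  ## A name containing ':', whitespace or CR/LF could start a new header.
  if name.len == 0 or not name.allCharsInSet(TokenChars):
    raise newException(ValueError, "invalid header name: " & name.escape)

proc safeClient*(userAgent: string;
                 headers: openArray[tuple[key: string, val: string]]): HttpClient =
  ## Build a client only after the User-Agent and all custom headers pass.
  checkValue("User-Agent", userAgent)
  for h in headers:
    checkHeaderName(h.key)
    checkValue("header " & h.key, h.val)
  result = newHttpClient(userAgent = userAgent)
  result.headers = newHttpHeaders(headers)

proc safeGet*(client: HttpClient; url: string): string =
  ## A raw space or control byte in the URL would alter the request line.
  checkValue("URL", url, allowSpace = false)
  client.getContent(url)

when isMainModule:
  # Constructed inputs; both calls are rejected before any network traffic.
  let client = safeClient("demo-agent/1.0", {"X-Request-Id": "abc123"})
  try:
    discard client.safeGet("http://example.test/a\r\nX-Injected: 1")
  except ValueError as e:
    echo "rejected: ", e.msg
  try:
    discard safeClient("agent\r\nX-Injected: 1", {"X-Request-Id": "abc123"})
  except ValueError as e:
    echo "rejected: ", e.msg
```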

Exploit

Fix

Special Elements Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2020-3173
CVE-2020-15693
OPENSUSE-SU-2022:10095-1
OPENSUSE-SU-2022:10101-1
OPENSUSE-SU-2024:12253-1

Affected Products

Alt Linux
Nim