vulnerability
Ubuntu: (CVE-2020-15694): nim vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Aug 14, 2020 | Nov 19, 2024 | Mar 27, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Aug 14, 2020
Added
Nov 19, 2024
Modified
Mar 27, 2026
Description
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
Solution
ubuntu-upgrade-nim
References
- CVE-2020-15694
- https://attackerkb.com/topics/CVE-2020-15694
- CWE-20
- EUVD-EUVD-2020-7681
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-7681
- https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/httpclient.nim#L241
- https://nim-lang.org/blog/2020/07/30/versions-126-and-108-released.html
- https://www.cve.org/CVERecord?id=CVE-2020-15694
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.