UBUNTU-CVE-2020-15692

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-15692

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-15692.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-15692

Related

CVE-2020-15692

Published

2020-08-14T19:15:00Z

Modified

2024-10-15T14:07:33Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.

References

Affected packages

Ubuntu:Pro:16.04:LTS / nim

Package

Name: nim
Purl: pkg:deb/ubuntu/nim?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.11.2+dfsg1-4

0.12.0-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / nim

Package

Name: nim
Purl: pkg:deb/ubuntu/nim?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.17.2-1ubuntu1

0.17.2-1ubuntu2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / nim

Package

Name: nim
Purl: pkg:deb/ubuntu/nim?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.20.2-1

1.*

1.0.2-1

1.0.3~rc-1

1.0.4-1

1.0.6-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}