UBUNTU-CVE-2021-21372
- Source
- https://ubuntu.com/security/CVE-2021-21372
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-21372.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2021-21372
- Related
- Published
- 2021-03-26T22:15:00Z
- Modified
- 2025-01-13T10:22:29Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution.
- References
Affected packages
Ubuntu:Pro:16.04:LTS / nim
Package
- Name
- nim
- Purl
- pkg:deb/ubuntu/nim@0.12.0-2?arch=source&distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / nim
Package
- Name
- nim
- Purl
- pkg:deb/ubuntu/nim@0.17.2-1ubuntu2?arch=source&distro=esm-apps/bionic
Ubuntu:20.04:LTS / nim
Package
- Name
- nim
- Purl
- pkg:deb/ubuntu/nim@1.0.6-1?arch=source&distro=focal
Ubuntu:24.10 / nim
Package
- Name
- nim
- Purl
- pkg:deb/ubuntu/nim@1.6.14-1ubuntu2?arch=source&distro=oracular