vulnerability
Ubuntu: (CVE-2020-15694): nim vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Aug 14, 2020 | Nov 19, 2024 | Oct 30, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Aug 14, 2020
Added
Nov 19, 2024
Modified
Oct 30, 2025
Description
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
Solution
ubuntu-upgrade-nim
References
- CVE-2020-15694
- https://attackerkb.com/topics/CVE-2020-15694
- CWE-20
- URL-https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/httpclient.nim#L241
- URL-https://nim-lang.org/blog/2020/07/30/versions-126-and-108-released.html
- URL-https://www.cve.org/CVERecord?id=CVE-2020-15694
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.