{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T10:40:36.173","vulnerabilities":[{"cve":{"id":"CVE-2021-21372","sourceIdentifier":"security-advisories@github.com","published":"2021-03-26T22:15:12.697","lastModified":"2024-11-21T05:48:13.240","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nimble is a package manager for the Nim programming language. In Nim release version before versions 1.2.10 and 1.4.4, Nimble doCmd is used in different places and can be leveraged to execute arbitrary commands. An attacker can craft a malicious entry in the packages.json package list to trigger code execution."},{"lang":"es","value":"Nimble es un administrador de paquetes para el lenguaje de programación Nim. En la versión de lanzamiento de Nim versiones anteriores a 1.2.10 y 1.4.4, Nimble doCmd es usado en diferentes lugares y puede ser aprovechado para ejecutar comandos arbitrarios. Un atacante puede crear una entrada maliciosa en la lista de paquetes packages.json para desencadenar una ejecución del código."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H","baseScore":8.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.6,"impactScore":6.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-20"},{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nim-lang:nim:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.10","matchCriteriaId":"895C273A-28A1-4592-8A50-9A8FAAD7D98C"},{"vulnerable":true,"criteria":"cpe:2.3:a:nim-lang:nim:*:*:*:*:*:*:*:*","versionStartIncluding":"1.4.0","versionEndExcluding":"1.4.4","matchCriteriaId":"FBDDF104-9FC9-4CED-9F87-26CF1DA2EF4E"}]}]}],"references":[{"url":"https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130","source":"security-advisories@github.com","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/nim-lang/nimble/commit/7bd63d504a4157b8ed61a51af47fb086ee818c37","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://consensys.net/diligence/vulnerabilities/nim-insecure-ssl-tls-defaults-remote-code-execution/","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/nim-lang/nimble/blob/master/changelog.markdown#0130","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Release Notes","Third Party Advisory"]},{"url":"https://github.com/nim-lang/nimble/commit/7bd63d504a4157b8ed61a51af47fb086ee818c37","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nim-lang/security/security/advisories/GHSA-rg9f-w24h-962p","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}