CVE-2020-15694

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
14/08/2020
Last modified:
08/02/2021

Description

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
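A caller-side check for the condition described above, as an added example that is not code from the Nim standard library or from this advisory. `strictContentLength`, `ContentLengthError` and the `maxLen` cap are hypothetical names. The proc takes the raw header values as strings, so it does not depend on the client API.

```nim
# Added example: strict Content-Length validation for untrusted responses.
# All names are hypothetical; none of this comes from the Nim stdlib.
import std/strutils

type ContentLengthError* = object of ValueError

proc strictContentLength*(values: openArray[string], maxLen = 1 shl 30): int =
  ## Returns the validated length, or -1 when no Content-Length was sent.
  ## Raises ContentLengthError for anything but one plain decimal value.
  result = -1
  for raw in values:
    let v = raw.strip()
    # parseInt() alone accepts a leading '-' or '+', so require digits only.
    if v.len == 0 or not v.allCharsInSet(Digits):
      raise newException(ContentLengthError,
                         "malformed Content-Length: " & raw.escape)
    var n: int
    try:
      n = parseInt(v)          # can now only fail on integer overflow
    except ValueError:
      raise newException(ContentLengthError,
                         "Content-Length out of range: " & v)
    if n > maxLen:             # assumed application limit on body size
      raise newException(ContentLengthError,
                         "Content-Length exceeds limit: " & v)
    # Repeated headers are tolerated only when they agree.
    if result != -1 and result != n:
      raise newException(ContentLengthError,
                         "conflicting Content-Length values")
    result = n

when isMainModule:
  # Constructed header values, as a server might send them.
  let samples = [@["1024"], @["-1"], @["+7"], @["12", "12"],
                 @["12", "13"], @["0x10"], newSeq[string]()]
  for sample in samples:
    try:
      echo sample, " -> ", strictContentLength(sample)
    except ContentLengthError as e:
      echo sample, " -> rejected: ", e.msg
```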

Vulnerable products and versions

CPE:
cpe:2.3:a:nim-lang:nim:*:*:*:*:*:*:*:*
From:
(not specified)
Up to:
1.2.6 (including)