Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.
References
Link | Resource |
---|---|
https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-05-07T15:15:10
Updated: 2021-05-07T15:15:10
Reserved: 2021-03-30T00:00:00
Link: CVE-2021-29495
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-05-07T16:15:08.347
Modified: 2021-05-14T16:32:50.210
Link: CVE-2021-29495
JSON object: View
Redhat Information
No data.
CWE