CVE-2021-29495

Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nim-lang:nim:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:01

Type Values Removed Values Added
References () https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr - Third Party Advisory () https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr - Third Party Advisory
CVSS v2 : 5.0
v3 : 7.5
v2 : 5.0
v3 : 5.9

Information

Published : 2021-05-07 16:15

Updated : 2024-11-21 06:01


NVD link : CVE-2021-29495

Mitre link : CVE-2021-29495

CVE.ORG link : CVE-2021-29495


JSON object : View

Products Affected

nim-lang

  • nim
CWE
CWE-295

Improper Certificate Validation