CVE-2020-15692

In Nim 1.2.4, the standard library browsers mishandles the URL argument to browsers.openDefaultBrowser. This argument can be a local file path that will be opened in the default explorer. An attacker can pass one argument to the underlying open command to execute arbitrary registered system commands.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:nim-lang:nim:*:*:*:*:*:*:*:*

Information

Published : 2020-08-14 12:15

Updated : 2021-02-08 12:44


NVD link : CVE-2020-15692

Mitre link : CVE-2020-15692


JSON object : View

CWE
CWE-88

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

Advertisement

dedicated server usa

Products Affected

nim-lang

  • nim