XSS Vulnerability in Nim Language RST Module Affecting NimForum and Other Products
CVE-2021-46872

6.1MEDIUM

Key Information:

Vendor: Nim-lang
Status: Nimforum; Nim
Vendor: CVE Published:; 13 January 2023

What is CVE-2021-46872?

An issue was discovered in Nim before version 1.6.2 where the RST module in the standard library allows the use of the javascript: URI scheme. This vulnerability can potentially lead to Cross-Site Scripting (XSS) in applications that utilize this module, exposing them to various security risks. Users are encouraged to update to Nim version 1.6.2 or later, which address the issue, and to check if there are backports of this fix available for earlier versions.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/nim-lang/nimforum

https://forum.nim-lang.org/t/8852

https://github.com/nim-lang/Nim/pull/19134

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 13, 2023
Vulnerability Reserved
Jan 13, 2023

JSON

Nim-lang

What is CVE-2021-46872?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.