CVE-2021-46872

CVSS V2 None CVSS V3 None
Description
An issue was discovered in Nim before 1.6.2. The RST module of the Nim language stdlib, as used in NimForum and other products, permits the javascript: URI scheme and thus can lead to XSS in some applications. (Nim versions 1.6.2 and later are fixed; there may be backports of the fix to some earlier versions. NimForum 2.2.0 is fixed.)
Overview
  • CVE ID
  • CVE-2021-46872
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-13T06:15:10
  • Last Modified Date
  • 2023-01-23T20:19:06
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:nim-lang:nim:*:*:*:*:*:*:*:* 1 OR 1.6.2
cpe:2.3:a:nim-lang:nimforum:*:*:*:*:*:nim:*:* 1 OR 2.2.0
References
Reference URL Reference Tags
https://forum.nim-lang.org/t/8852
https://github.com/nim-lang/Nim/commit/46275126b89218e64844eee169e8ced05dd0e2d7
https://github.com/nim-lang/Nim/compare/v1.6.0...v1.6.2
https://github.com/nim-lang/Nim/pull/19134
https://github.com/nim-lang/nimforum
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2021-46872
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46872
History
Created Old Value New Value Data Type Notes
2023-01-13 09:16:55 Added to TrackCVE
2023-01-13 14:14:47 2023-01-13T14:01:26 CVE Modified Date updated
2023-01-13 14:14:47 Received Awaiting Analysis Vulnerability Status updated
2023-01-19 16:15:22 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-23 21:13:16 2023-01-23T20:19:06 CVE Modified Date updated
2023-01-23 21:13:16 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-23 21:13:17 Weakness Enumeration new
2023-01-23 21:13:18 CPE Information updated