CVE-2021-29495
PUBLISHED
Nim is a statically typed compiled systems programming language. In Nim standard library before 1.4.2, httpClient SSL/TLS certificate verification was disabled by default. Users can upgrade to version 1.4.2 to receive a patch or, as a workaround, set "verifyMode = CVerifyPeer" as documented.
EPSS 0.11% · 28.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | nim | 0, 0.17.2-1ubuntu1, 0.17.2-1ubuntu2 |
| Ubuntu:20.04:LTS | nim | 1.0.4-1, 1.0.2-1, 1.0.3~rc-1 |
| Ubuntu:16.04:LTS | nim | 0.12.0-2, 0, 0.11.2+dfsg1-4 |
Timeline
- May 7, 2021 CVE Published
- May 8, 2021 EPSS Score
- May 12, 2021 EPSS Score
- Jun 8, 2021 EPSS Score
- Sep 11, 2021 EPSS Score
- Nov 12, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 13, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 16, 2022 EPSS Score
- Jul 18, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2021-29495 third-party-advisory
- https://github.com/nim-lang/security/security/advisories/GHSA-9vqv-2jj9-7mqr third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2021-29495 third-party-advisory