Externally Controlled Reference to a Resource in Another Sphere
CVE-2020-23171
Summary
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
- LOW
- LOCAL
- HIGH
- UNCHANGED
- REQUIRED
- NONE
- NONE
- NONE
CWE-610 - Externally Controlled Reference to a Resource in Another Sphere
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
References
Advisory Timeline
- Published