Externally Controlled Reference to a Resource in Another Sphere

CVE-2020-23171

Medium

5.5/10

Summary

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.

References

Advisory Timeline

Published Aug 10, 2021

Externally Controlled Reference to a Resource in Another Sphere

CVE-2020-23171

Summary

CWE-610 - Externally Controlled Reference to a Resource in Another Sphere

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS