mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
936 B
936 B
CVE-2020-15694
Description
In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.
POC
Reference
- http://www.openwall.com/lists/oss-security/2021/02/04/2
- http://www.openwall.com/lists/oss-security/2021/02/04/2
- https://consensys.net/diligence/vulnerabilities/nim-httpclient-header-crlf-injection/
- https://consensys.net/diligence/vulnerabilities/nim-httpclient-header-crlf-injection/
Github
No PoCs found on GitHub currently.