CVE-2020-23171

MEDIUM

Nim-lang - Path Traversal

Title source: llm

Description

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/nim-lang/zip/issues/54

Scores

CVSS v3 5.5

EPSS 0.0059

EPSS Percentile 69.2%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

CWE

CWE-610

Status published

Products (1)

nim-lang/nim-lang

Published Aug 10, 2021

Tracked Since Feb 18, 2026