One Article Review
| Source |  CVE Liste |
|---|---|
| Identifiant | 3651471 |
| Date de publication | 2021-11-12 18:15:07 (vue: 2021-11-12 20:05:41) |
| Titre | CVE-2021-41259 |
| Texte | Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri("http://localhost\0hello").hostname is set to "localhost\0hello". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent("http://localhost\0hello") makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack. |
| Notes | |
| Envoyé | Oui |
| Condensat | 0hello 2021 41259 accepts additionally affected after any attack attacker behavior bypass byte bytes can check could cve data efficiency elegance example: expressiveness first focus function getcontent hostname http://localhost httpclient ignores input language localhost localhost:80 makes may mount nim null parseuri programming request set ssrf systems uri uris url use used validate validation versions which |
| Tags | |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.