Vulnerability in Nim 1.2.4: Improper Server Response Validation in httpClient

Vulnerability in Nim 1.2.4: Improper Server Response Validation in httpClient

CVE-2020-15694 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

In Nim 1.2.4, the standard library httpClient fails to properly validate the server response. For example, httpClient.get().contentLength() does not raise any error if a malicious server provides a negative Content-Length.

Learn more about our Cis Benchmark Audit For Server Software.