cvelistv5 - CVE-2021-41259

CVE-2021-41259

Vulnerability from cvelistv5

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Notes: None.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2023-04-07T00:00:00",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Notes: None."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-41259",
    "dateRejected": "2023-04-07T00:00:00",
    "dateReserved": "2021-09-15T00:00:00",
    "dateUpdated": "2023-04-07T00:00:00",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-41259\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-11-12T18:15:07.667\",\"lastModified\":\"2023-11-07T03:38:54.230\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Notes: None.\"}],\"metrics\":{},\"references\":[]}}"
  }
}

gsd-2021-41259

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Notes: None.

Aliases

CVE-2021-41259

Aliases

CVE-2021-41259

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-41259",
    "description": "Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri(\"http://localhost\\0hello\").hostname is set to \"localhost\\0hello\". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent(\"http://localhost\\0hello\") makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack.",
    "id": "GSD-2021-41259",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-41259.html",
      "https://security.archlinux.org/CVE-2021-41259"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-41259"
      ],
      "details": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Notes: None.",
      "id": "GSD-2021-41259",
      "modified": "2023-12-13T01:23:27.482404Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2021-41259",
        "STATE": "REJECT"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Notes: None."
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:nim-lang:nim:1.2.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nim-lang:nim:1.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nim-lang:nim:1.4.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nim-lang:nim:1.4.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:nim-lang:nim:1.6.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41259"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Nim is a systems programming language with a focus on efficiency, expressiveness, and elegance. In affected versions the uri.parseUri function which may be used to validate URIs accepts null bytes in the input URI. This behavior could be used to bypass URI validation. For example: parseUri(\"http://localhost\\0hello\").hostname is set to \"localhost\\0hello\". Additionally, httpclient.getContent accepts null bytes in the input URL and ignores any data after the first null byte. Example: getContent(\"http://localhost\\0hello\") makes a request to localhost:80. An attacker can use a null bytes to bypass the check and mount a SSRF attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-918"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-11-17T15:45Z",
      "publishedDate": "2021-11-12T18:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-41259

Vulnerability from cvelistv5

gsd-2021-41259

Vulnerability from gsd

Tags

Sightings

Nomenclature