A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Nim-lang | Nim-lang | * | * |