{"id":"CVE-2020-15690","details":"In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.","modified":"2026-03-15T22:34:23.151484Z","published":"2021-01-30T06:15:12.587Z","related":["openSUSE-SU-2022:10095-1","openSUSE-SU-2022:10101-1","openSUSE-SU-2024:12253-1"],"references":[{"type":"FIX","url":"https://github.com/nim-lang/Nim/compare/v1.2.4...v1.2.6"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2021/02/04/3"},{"type":"EVIDENCE","url":"https://consensys.net/diligence/vulnerabilities/nim-asyncftpd-crlf-injection/"},{"type":"EVIDENCE","url":"https://github.com/nim-lang/Nim/blob/dc5a40f3f39c6ea672e6dc6aca7f8118a69dda99/lib/pure/asyncftpclient.nim#L145"},{"type":"EVIDENCE","url":"https://github.com/tintinweb/pub/tree/master/pocs/cve-2020-15690"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nim-lang/nim","events":[{"introduced":"0"},{"fixed":"bf320ed172f74f60fd274338e82bdc9ce3520dd9"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.2.6"}]}}],"versions":["v0.10.2","v0.11.0","v0.11.2","v0.12.0","v0.13.0","v0.14.0","v0.14.2","v0.15.0","v0.15.2","v0.16.0","v0.17.0","v0.17.2","v0.18.0","v0.19.0","v0.20.0","v0.8.14","v0.9.0","v0.9.2","v0.9.4","v0.9.6","v1.0.0","v1.2.0","v1.2.2","v1.2.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-15690.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}