How severe is CVE-2021-21373?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-21373?

This is classified as CWE-348, which is a common weakness in software security.

CVE-2021-21373 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

Nimble is a package manager for the Nim programming language. In Nim release versions before versions 1.2.10 and 1.4.4, "nimble refresh" fetches a list of Nimble packages over HTTPS by default. In case of error it falls back to a non-TLS URL http://irclogs.nim-lang.org/packages.json. An attacker able to perform MitM can deliver a modified package list containing malicious software packages. If the packages are installed and used the attack escalates to untrusted code execution.

Related Vulnerabilities

CVE-2024-54840

MEDIUM

CVSS:6.1(Medium)

PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 does not properly address environment issues that can contribute to Host header injection.

CWE-3482024

CVE-2025-43918

MEDIUM

CVSS:6.4(Medium)

SSL.com before 2025-04-19, when domain validation method 3.2.2.4.14 is used, processes certificate requests such that a trusted TLS certificate may be issued for the domain name of a requester's email...

CWE-3482025

CVE-2022-4532

MEDIUM

CVSS:6.5(Medium)

The LOGIN AND REGISTRATION ATTEMPTS LIMIT plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.1. This is due to insufficient restrictions on where the IP Addr...

CWE-3482022

CVE-2025-1245

MEDIUM

CVSS:6.5(Medium)

Bypass Connection Restriction vulnerability in Hitachi Infrastructure Analytics Advisor (Data Center Analytics component), Hitachi Ops Center Analyzer (Hitachi Ops Center Analyzer detail view componen...

CWE-3482025

CVE-2022-44593

MEDIUM

CVSS:5.3(Medium)

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through 9.3.1.

CWE-3482022

CVE-2022-4529

MEDIUM

CVSS:5.3(Medium)

The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Ad...

CWE-3482022