Description
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-10204
- https://securitylab.github.com/advisories/GHSL-2020-011-nxrm-sonatype
- https://securitylab.github.com/advisories/GHSL-2020-012-nxrm-sonatype
- https://support.sonatype.com/hc/en-us/articles/360044356194
- https://support.sonatype.com/hc/en-us/articles/360044882533
Packages
Name: org.sonatype.nexus:nexus-core (maven)
Affected versions: < 3.21.2
Fixed version: 3.21.2
Related vulnerabilities
CVSS3: 7.2
nvd
almost 6 years ago
Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.