Описание
HTTP header injection in Sonatype Nexus Repository
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
Пакеты
Наименование
org.sonatype.nexus:nexus-repository
maven
Затронутые версииВерсия исправления
>= 3.0.0, <= 3.33.1-01
3.34.0-01
Связанные уязвимости
CVSS3: 8.2
nvd
больше 4 лет назад
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.