CVE-2021-40143

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 8.2

CVSS2: 6.4

EPSS Низкий

Описание

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.

Ссылки

https://issues.sonatype.org/secure/ReleaseNote.jspa
Not Applicable
https://support.sonatype.com/hc/en-us/articles/4405941762579
Patch
Vendor Advisory
https://issues.sonatype.org/secure/ReleaseNote.jspa
Not Applicable
https://support.sonatype.com/hc/en-us/articles/4405941762579
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sonatype:nexus_repository_manager_3:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.34.0 (исключая)

EPSS

Процентиль: 76%

0.00929

Низкий

8.2 High

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

GHSA-f34x-8pf6-qc9c