GHSA-8h56-v53h-5hhj

Suggest an improvement
Source
https://github.com/advisories/GHSA-8h56-v53h-5hhj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-8h56-v53h-5hhj/GHSA-8h56-v53h-5hhj.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-8h56-v53h-5hhj
Aliases
  • CVE-2020-10204
Published
2020-04-14T15:27:14Z
Modified
2023-11-01T04:51:23.459088Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
Details

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

Database specific
{
    "nvd_published_at": "2020-04-01T19:15:00Z",
    "github_reviewed_at": "2020-04-14T15:26:21Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ]
}
References

Affected packages

Maven / org.sonatype.nexus:nexus-core

Package

Name
org.sonatype.nexus:nexus-core
View open source insights on deps.dev
Purl
pkg:maven/org.sonatype.nexus/nexus-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.21.2

Affected versions

2.*

2.4.0-1
2.4.0-03
2.4.0-04
2.4.0-05
2.4.0-06
2.4.0-07
2.4.0-08
2.4.0-09
2.5.0-01
2.5.0-02
2.5.0-03
2.5.0-04
2.5.1-01
2.6.0-01
2.6.0-05
2.6.1-01
2.6.1-02
2.6.2-01
2.6.3-01
2.6.4-02
2.6.4-03
2.7.0-m1
2.7.0-m2
2.7.0-m3
2.7.0-m4
2.7.0-01
2.7.0-02
2.7.0-03
2.7.0-04
2.7.0-05
2.7.0-06
2.7.1-01
2.7.2-01
2.7.2-02
2.7.2-03
2.8.0-01
2.8.0-05
2.8.1-01
2.9.0-01
2.9.0-04
2.9.1-01
2.9.1-02
2.9.2-01
2.10.0-01
2.10.0-02
2.11.0-01
2.11.0-02
2.11.1-01
2.11.2-01
2.11.2-03
2.11.2-04
2.11.2-06
2.11.3-01
2.11.4-01
2.12.0-01
2.12.1-01
2.13.0-01
2.14.0-01
2.14.1-01
2.14.2-01
2.14.3-02
2.14.4-01
2.14.4-03
2.14.5-02
2.14.6-02
2.14.7-01
2.14.8-01
2.14.9-01
2.14.10-01
2.14.11-01
2.14.12-02
2.14.13-01
2.14.14-01
2.14.15-01
2.14.16-01
2.14.17-01
2.14.18-01
2.14.19-01
2.14.20-01
2.14.20-02
2.14.21-02
2.15.0-04
2.15.1-02

3.*

3.0.0-b2014101001
3.0.0-b2015020701
3.0.0-b2015061001
3.0.0-b2015091801
3.0.0-b2015110601
3.0.0-b2016011501
3.0.0-03
3.0.1-01
3.0.2-02
3.1.0-04
3.2.0-01
3.2.1-01
3.3.0-01
3.3.1-01
3.3.2-02
3.4.0-02
3.5.0-02
3.5.1-02
3.5.2-01
3.6.0-02
3.6.1-02
3.6.2-01
3.7.0-04
3.7.1-02
3.8.0-02
3.9.0-01
3.10.0-04
3.11.0-01
3.12.0-01
3.12.1-01
3.13.0-01
3.14.0-04
3.15.0-01
3.15.1-01
3.15.2-01
3.15.3-01
3.16.0-01
3.16.1-02
3.16.2-01
3.17.0-01
3.17.1-01
3.17.2-03
3.18.0-01
3.18.1-01
3.19.0-01
3.19.1-01
3.20.0-02
3.20.0-04
3.20.1-01
3.20.2-01
3.20.3-01
3.21.0-01
3.21.0-02
3.21.0-05
3.21.1-01