High severity · CISA KEV · NVD Advisory · Published Apr 1, 2020 · Updated Oct 21, 2025
CVE-2020-10199
Description
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.sonatype.nexus:nexus-extdirect (Maven) | < 3.21.2 | 3.21.2 |
Affected products
- Sonatype/Nexus Repository
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-g2f6-v5qh-h2mq [ADVISORY]
- nvd.nist.gov/vuln/detail/CVE-2020-10199 [ADVISORY]
- securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype [ADVISORY]
- packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.html [MISC]
- packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.html [MISC]
- cwe.mitre.org/data/definitions/917.html [MISC]
- support.sonatype.com/hc/en-us/articles/360044882533 [CONFIRM]
- www.cisa.gov/known-exploited-vulnerabilities-catalog [WEB]