Maven package
org.sonatype.nexus/nexus-repository
pkg:maven/org.sonatype.nexus/nexus-repository
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-40143 | — | >= 3.0.0, < 3.34.0-01 | 3.34.0-01 | Sep 7, 2021 | Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance. | ||
| CVE-2019-16530 | — | >= 2.0.0, < 2.14.15 | 2.14.15 | Oct 21, 2019 | Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution. |
- CVE-2021-40143Sep 7, 2021affected >= 3.0.0, < 3.34.0-01fixed 3.34.0-01
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
- CVE-2019-16530Oct 21, 2019affected >= 2.0.0, < 2.14.15fixed 2.14.15
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.