GHSA-f34x-8pf6-qc9c

Source

https://github.com/advisories/GHSA-f34x-8pf6-qc9c

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-f34x-8pf6-qc9c/GHSA-f34x-8pf6-qc9c.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-f34x-8pf6-qc9c

Aliases

CVE-2021-40143

Published

2021-09-08T17:42:18Z

Modified

2023-11-08T04:06:46.479030Z

Severity

8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N CVSS Calculator

Summary

HTTP header injection in Sonatype Nexus Repository

Details

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.

Database specific

{
    "github_reviewed_at": "2021-09-08T17:35:50Z",
    "github_reviewed": true,
    "severity": "HIGH",
    "nvd_published_at": "2021-09-07T20:15:00Z",
    "cwe_ids": [
        "CWE-74"
    ]
}

References

Affected packages

Maven / org.sonatype.nexus:nexus-repository

Package

Name: org.sonatype.nexus:nexus-repository; View open source insights on deps.dev
Purl: pkg:maven/org.sonatype.nexus/nexus-repository

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0.0

Fixed

3.34.0-01

Affected versions

3.*

3.0.0-03

3.0.1-01

3.0.2-02

3.1.0-04

3.2.0-01

3.2.1-01

3.3.0-01

3.3.1-01

3.3.2-02

3.4.0-02

3.5.0-02

3.5.1-02

3.5.2-01

3.6.0-02

3.6.1-02

3.6.2-01

3.7.0-04

3.7.1-02

3.8.0-02

3.9.0-01

3.10.0-04

3.11.0-01

3.12.0-01

3.12.1-01

3.13.0-01

3.14.0-04

3.15.0-01

3.15.1-01

3.15.2-01

3.15.3-01

3.16.0-01

3.16.1-02

3.16.2-01

3.17.0-01

3.17.1-01

3.17.2-03

3.18.0-01

3.18.1-01

3.19.0-01

3.19.1-01

3.20.0-02

3.20.0-04

3.20.1-01

3.20.2-01

3.20.3-01

3.21.0-01

3.21.0-02

3.21.0-05

3.21.1-01

3.21.2-03

3.22.0-01

3.22.0-02

3.22.1-01

3.22.1-02

3.23.0-01

3.23.0-03

3.24.0-01

3.24.0-02

3.25.0-02

3.25.0-03

3.25.1-01

3.25.1-02

3.25.1-03

3.25.1-04

3.26.0-01

3.26.0-02

3.26.0-03

3.26.0-04

3.26.1-02

3.27.0-02

3.27.0-03

3.28.0-01

3.28.1-01

3.29.0-02

3.29.1-01

3.29.2-02

3.30.0-01

3.30.1-01

3.31.0-01

3.31.1-01

3.32.0-03

3.32.1-01

3.33.0-01

3.33.1-01

Database specific

last_known_affected_version_range

"<= 3.33.1-01"

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-f34x-8pf6-qc9c/GHSA-f34x-8pf6-qc9c.json"