GHSA-3944-787c-f852

Source
https://github.com/advisories/GHSA-3944-787c-f852
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-3944-787c-f852/GHSA-3944-787c-f852.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3944-787c-f852
Aliases
  • CVE-2020-10203
Published
2020-04-14T15:27:21Z
Modified
2023-11-08T04:01:57.612518Z
Severity
  • 4.8 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Summary
Persistent Cross-Site scripting in Nexus Repository Manager
Details

Sonatype Nexus Repository before 3.21.2 allows XSS.

Database specific
{
    "nvd_published_at": null,
    "github_reviewed_at": "2020-04-14T15:26:28Z",
    "severity": "MODERATE",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

Maven / org.sonatype.nexus:nexus-core

Package

Name
org.sonatype.nexus:nexus-core
Purl
pkg:maven/org.sonatype.nexus/nexus-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.21.2

Affected versions

2.*

2.4.0-1
2.4.0-03
2.4.0-04
2.4.0-05
2.4.0-06
2.4.0-07
2.4.0-08
2.4.0-09
2.5.0-01
2.5.0-02
2.5.0-03
2.5.0-04
2.5.1-01
2.6.0-01
2.6.0-05
2.6.1-01
2.6.1-02
2.6.2-01
2.6.3-01
2.6.4-02
2.6.4-03
2.7.0-m1
2.7.0-m2
2.7.0-m3
2.7.0-m4
2.7.0-01
2.7.0-02
2.7.0-03
2.7.0-04
2.7.0-05
2.7.0-06
2.7.1-01
2.7.2-01
2.7.2-02
2.7.2-03
2.8.0-01
2.8.0-05
2.8.1-01
2.9.0-01
2.9.0-04
2.9.1-01
2.9.1-02
2.9.2-01
2.10.0-01
2.10.0-02
2.11.0-01
2.11.0-02
2.11.1-01
2.11.2-01
2.11.2-03
2.11.2-04
2.11.2-06
2.11.3-01
2.11.4-01
2.12.0-01
2.12.1-01
2.13.0-01
2.14.0-01
2.14.1-01
2.14.2-01
2.14.3-02
2.14.4-01
2.14.4-03
2.14.5-02
2.14.6-02
2.14.7-01
2.14.8-01
2.14.9-01
2.14.10-01
2.14.11-01
2.14.12-02
2.14.13-01
2.14.14-01
2.14.15-01
2.14.16-01
2.14.17-01
2.14.18-01
2.14.19-01
2.14.20-01
2.14.20-02
2.14.21-02
2.15.0-04
2.15.1-02

3.*

3.0.0-b2014101001
3.0.0-b2015020701
3.0.0-b2015061001
3.0.0-b2015091801
3.0.0-b2015110601
3.0.0-b2016011501
3.0.0-03
3.0.1-01
3.0.2-02
3.1.0-04
3.2.0-01
3.2.1-01
3.3.0-01
3.3.1-01
3.3.2-02
3.4.0-02
3.5.0-02
3.5.1-02
3.5.2-01
3.6.0-02
3.6.1-02
3.6.2-01
3.7.0-04
3.7.1-02
3.8.0-02
3.9.0-01
3.10.0-04
3.11.0-01
3.12.0-01
3.12.1-01
3.13.0-01
3.14.0-04
3.15.0-01
3.15.1-01
3.15.2-01
3.15.3-01
3.16.0-01
3.16.1-02
3.16.2-01
3.17.0-01
3.17.1-01
3.17.2-03
3.18.0-01
3.18.1-01
3.19.0-01
3.19.1-01
3.20.0-02
3.20.0-04
3.20.1-01
3.20.2-01
3.20.3-01
3.21.0-01
3.21.0-02
3.21.0-05
3.21.1-01