GHSA-8h56-v53h-5hhj

Source
https://github.com/advisories/GHSA-8h56-v53h-5hhj
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/04/GHSA-8h56-v53h-5hhj/GHSA-8h56-v53h-5hhj.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-8h56-v53h-5hhj
Aliases
  • CVE-2020-10204
Published
2020-04-14T15:27:14Z
Modified
2023-11-08T04:01:57.672917Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager
Details

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

Database specific
{
    "nvd_published_at": "2020-04-01T19:15:00Z",
    "github_reviewed_at": "2020-04-14T15:26:21Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-20"
    ]
}

Affected packages

Maven / org.sonatype.nexus:nexus-core

Package

Name
org.sonatype.nexus:nexus-core
Purl
pkg:maven/org.sonatype.nexus/nexus-core

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.21.2

Affected versions

2.*

2.4.0-1
2.4.0-03
2.4.0-04
2.4.0-05
2.4.0-06
2.4.0-07
2.4.0-08
2.4.0-09
2.5.0-01
2.5.0-02
2.5.0-03
2.5.0-04
2.5.1-01
2.6.0-01
2.6.0-05
2.6.1-01
2.6.1-02
2.6.2-01
2.6.3-01
2.6.4-02
2.6.4-03
2.7.0-m1
2.7.0-m2
2.7.0-m3
2.7.0-m4
2.7.0-01
2.7.0-02
2.7.0-03
2.7.0-04
2.7.0-05
2.7.0-06
2.7.1-01
2.7.2-01
2.7.2-02
2.7.2-03
2.8.0-01
2.8.0-05
2.8.1-01
2.9.0-01
2.9.0-04
2.9.1-01
2.9.1-02
2.9.2-01
2.10.0-01
2.10.0-02
2.11.0-01
2.11.0-02
2.11.1-01
2.11.2-01
2.11.2-03
2.11.2-04
2.11.2-06
2.11.3-01
2.11.4-01
2.12.0-01
2.12.1-01
2.13.0-01
2.14.0-01
2.14.1-01
2.14.2-01
2.14.3-02
2.14.4-01
2.14.4-03
2.14.5-02
2.14.6-02
2.14.7-01
2.14.8-01
2.14.9-01
2.14.10-01
2.14.11-01
2.14.12-02
2.14.13-01
2.14.14-01
2.14.15-01
2.14.16-01
2.14.17-01
2.14.18-01
2.14.19-01
2.14.20-01
2.14.20-02
2.14.21-02
2.15.0-04
2.15.1-02

3.*

3.0.0-b2014101001
3.0.0-b2015020701
3.0.0-b2015061001
3.0.0-b2015091801
3.0.0-b2015110601
3.0.0-b2016011501
3.0.0-03
3.0.1-01
3.0.2-02
3.1.0-04
3.2.0-01
3.2.1-01
3.3.0-01
3.3.1-01
3.3.2-02
3.4.0-02
3.5.0-02
3.5.1-02
3.5.2-01
3.6.0-02
3.6.1-02
3.6.2-01
3.7.0-04
3.7.1-02
3.8.0-02
3.9.0-01
3.10.0-04
3.11.0-01
3.12.0-01
3.12.1-01
3.13.0-01
3.14.0-04
3.15.0-01
3.15.1-01
3.15.2-01
3.15.3-01
3.16.0-01
3.16.1-02
3.16.2-01
3.17.0-01
3.17.1-01
3.17.2-03
3.18.0-01
3.18.1-01
3.19.0-01
3.19.1-01
3.20.0-02
3.20.0-04
3.20.1-01
3.20.2-01
3.20.3-01
3.21.0-01
3.21.0-02
3.21.0-05
3.21.1-01