GHSA-hmjv-px3j-933c

Source
https://github.com/advisories/GHSA-hmjv-px3j-933c
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hmjv-px3j-933c/GHSA-hmjv-px3j-933c.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hmjv-px3j-933c
Published
2022-05-24T16:59:30Z
Modified
2023-11-08T04:01:17.983202Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
Details

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, are vulnerable to remote code execution.

Database specific
{
    "nvd_published_at": "2019-10-21T14:15:00Z",
    "github_reviewed_at": "2022-06-27T21:31:46Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-434"
    ]
}
Affected packages

Maven / org.sonatype.nexus:nexus-repository

Package

Name
org.sonatype.nexus:nexus-repository
Purl
pkg:maven/org.sonatype.nexus/nexus-repository

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.14.15

Maven / org.sonatype.nexus:nexus-repository

Package

Name
org.sonatype.nexus:nexus-repository
Purl
pkg:maven/org.sonatype.nexus/nexus-repository

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.0.0
Fixed
3.19.0

Affected versions

3.*

3.0.0-03
3.0.1-01
3.0.2-02
3.1.0-04
3.2.0-01
3.2.1-01
3.3.0-01
3.3.1-01
3.3.2-02
3.4.0-02
3.5.0-02
3.5.1-02
3.5.2-01
3.6.0-02
3.6.1-02
3.6.2-01
3.7.0-04
3.7.1-02
3.8.0-02
3.9.0-01
3.10.0-04
3.11.0-01
3.12.0-01
3.12.1-01
3.13.0-01
3.14.0-04
3.15.0-01
3.15.1-01
3.15.2-01
3.15.3-01
3.16.0-01
3.16.1-02
3.16.2-01
3.17.0-01
3.17.1-01
3.17.2-03
3.18.0-01
3.18.1-01