CVE-2020-10199: Nexus Repository Manager 3 - Remote Code Execution
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
References
- cwe.mitre.org/data/definitions/917.html
- github.com/advisories/GHSA-g2f6-v5qh-h2mq
- github.com/sonatype/nexus-public
- nvd.nist.gov/vuln/detail/CVE-2020-10199
- securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype
- support.sonatype.com/hc/en-us/articles/360044882533
- www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10199
Detect and mitigate CVE-2020-10199 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.