CVE-2021-40143

HIGH8.2EPSS 2.2%

HTTP header injection in Sonatype Nexus Repository

Published: 9/8/2021Modified: 11/8/2023

Description

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.

Affected packages (1)

Maven/org.sonatype.nexus:nexus-repository>= 3.0.0, < 3.34.0-01

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-40143
PATCHhttps://github.com/sonatype/nexus-public
WEBhttps://help.sonatype.com/repomanager3/release-notes/2021-release-notes
WEBhttps://issues.sonatype.org/secure/ReleaseNote.jspa
WEBhttps://support.sonatype.com/hc/en-us/articles/4405941762579