CVE-2021-40143

HIGH8.2EPSS 2.2%

HTTP header injection in Sonatype Nexus Repository

發布日:2021/9/8修改日:2023/11/8

描述

Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.

受影響套件(1)

Maven/org.sonatype.nexus:nexus-repository>= 3.0.0, < 3.34.0-01

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-40143
PATCHhttps://github.com/sonatype/nexus-public
WEBhttps://help.sonatype.com/repomanager3/release-notes/2021-release-notes
WEBhttps://issues.sonatype.org/secure/ReleaseNote.jspa
WEBhttps://support.sonatype.com/hc/en-us/articles/4405941762579