During our regular process, which is automated via the Lifecycle product, we found that several dependencies used in Nexus Repository Manager 2.x had vulnerabilities.
Affected areas and concerns
- Dependency library version that is susceptible to a DoS attack
- Dependency library that is below a specific version and is vulnerable to XSS
- Dependency library that allowed an attacker to craft a special serialized object that executes code directly when deserialized
- Upgrade dependency libraries to versions without discovered vulnerabilities.