[NEXUS-25829] CVE-2020-29436: XML External Entities injection vulnerability - Sonatype JIRA

XML

Word

Printable

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.28.1
Fix Version/s: 3.29.0
Component/s: None
Labels:
None

Description

An XML External Entities injection vulnerability has been discovered in NXRM3. See https://support.sonatype.com/hc/en-us/articles/1500000415082-CVE-2020-29436-Nexus-Repository-Manager-3-and-Nexus-IQ-Server-XML-External-Entities-injection-2020-12-15 for more details.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Damian Bradicich

Last Updated By:: Joe Tom

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 11/10/20 05:13 PM

Updated:: 04/19/21 06:58 PM

Resolved:: 12/17/20 05:33 PM

Date of First Response:: 17/Nov/20 4:16 PM

tigCommentSecurity.panel-title