Dev - Nexus Repo / NEXUS-28853

HTTP header injection vulnerability

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.34.0
    • Component/s: None
    • Labels:
    • Release Note:
      Yes

      Description

      Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a specially crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from the vulnerable instance.

      https://support.sonatype.com/hc/en-us/articles/4405941762579-CVE-2021-40143-Nexus-Repository-3-HTTP-Header-Injection-2021-09-01

            People

            Assignee:
            Unassigned
            Reporter:
            mchernikov Maksym Chernikov
            Last Updated By:
            Maksym Chernikov
            Votes:
            0
            Watchers:
            1
