Sonatype: >> Nexus Repository Manager 3 >> 3.21.1 Security Vulnerabilities
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
CVSS Score
8.2
EPSS Score
0.006
Published
2021-09-07
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is possible for a user with appropriate privileges to create, modify, and execute scripting tasks without use of the UI or API. NOTE: in 3.22.0, scripting is disabled by default (making this not exploitable).
CVSS Score
8.8
EPSS Score
0.012
Published
2020-04-20