7.7 High
AI Score
Confidence
Low
0.032 Low
EPSS
Percentile
91.2%
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
www.sonatype.org/advisories/archive/2014-01-13-Nexus
sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist
support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability