2 matches found
CVE-2014-0792
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types...
CVE-2014-0792
Affected: Sonatype Nexus 1.x and 2.x prior to 2.7.1. Vulnerability: remote code execution through unmarshalling of unintended Object types in Nexus (XStream-based deserialization). Impact: attacker could create arbitrary objects and execute arbitrary code remotely. Root cause: unsafe deserializat...