Lucene search
K

14 matches found

Nuclei
Nuclei
added last week110 views

Sonatype Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection id: CVE-2020-10199 info: name: Sonatype Nexus Repository Manager 3 - Remote Code Execution author: rootxharsh,iamnoooob,pdresearch severity: high description: Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection impact: |...

9CVSS7.3AI score0.99064EPSS
Exploits10References5
RedhatCVE
RedhatCVE
added 2025/05/22 5:38 p.m.5 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

9CVSS7.1AI score0.99064EPSS
Exploits10References1
RedhatCVE
RedhatCVE
added 2020/11/25 6:22 p.m.45 views

CVE-2020-26238

A flaw was found in cron-utils. End applications passing unsanitized user input which is subsequently parsed by the @Cron annotation can allow an attacker to execute arbitrary expressions using JavaEL which will be implicitly executed by the constraint validator. The highest threat from this...

8.1CVSS6AI score0.04204EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2020/04/14 3:27 p.m.99 views

Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

9CVSS4.2AI score0.24318EPSS
Exploits3References6Affected Software1
OSV
OSV
added 2020/04/14 3:27 p.m.65 views

GHSA-8H56-V53H-5HHJ Remote Code Execution - JavaEL Injection (low privileged accounts) in Nexus Repository Manager

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution...

8.8CVSS7.2AI score0.24318EPSS
Exploits3References5
Github Security Blog
Github Security Blog
added 2020/04/14 3:27 p.m.341 views

Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

9CVSS2.8AI score0.99064EPSS
Exploits10References8Affected Software1
OSV
OSV
added 2020/04/14 3:27 p.m.51 views

GHSA-G2F6-V5QH-H2MQ Nexus Repository Manager 3 - Remote Code Execution

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

8.8CVSS8.7AI score0.99064EPSS
Exploits10References8
NVD
NVD
added 2020/04/01 7:15 p.m.16 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

9CVSS8.9AI score0.99064EPSS
Exploits10References5
Prion
Prion
added 2020/04/01 7:15 p.m.27 views

Crlf injection

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

9CVSS8.8AI score0.99064EPSS
Exploits10References4Affected Software1
Vulnrichment
Vulnrichment
added 2020/04/01 6:27 p.m.5 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

7.1AI score0.99064EPSS
Exploits10References4
CVE
CVE
added 2020/04/01 6:27 p.m.1339 views

CVE-2020-10199

CVE-2020-10199 is a remote code execution vulnerability in Sonatype Nexus Repository Manager (NXRM) caused by a Java EL injection vulnerability. Affected versions are NXRM prior to 3.21.2 (with references noting exploitable in 3.21.1 and earlier). The underlying issue is a Java EL injection in Ne...

9CVSS8.6AI score0.99064EPSS
In wildExploits10References5Affected Software1
Cvelist
Cvelist
added 2020/04/01 6:27 p.m.30 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2...

8.8AI score0.99064EPSS
Exploits10References4
Positive Technologies
Positive Technologies
added 2020/04/01 12:0 a.m.3 views

PT-2020-6522 · Sonatype · Sonatype Nexus Repository +1

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository versions prior to 3.21.2 Description: The issue is related to incorrect code generation management in the Sonatype Nexus Repository Manager, which can be exploited by a remote attacker to execute arbitrary code by...

9CVSS8AI score0.99064EPSS
Exploits11References17
ATTACKERKB
ATTACKERKB
added 2020/04/01 12:0 a.m.40 views

CVE-2020-10199

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection issue 1 of 2. Recent assessments: wvu-r7 at April 04, 2020 5:05am UTC reported: WIP exploit module: https://github.com/rapid7/metasploit-framework/pull/13195. Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker...

9CVSS8.7AI score0.99064EPSS
In wildExploits10References6
Rows per page
Query Builder