Sonatype Nexus is vulnerable to remote code execution. A lack of validation allows attackers to execute arbitrary code through the creation and deserialization of arbitrary object types.
| CPE | Name | Operator | Version |
|---|---|---|---|
| | nexus-core | le | 2.7.0-06 |
www.sonatype.org/advisories/archive/2014-01-13-Nexus
sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist
support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability
support.sonatype.com/hc/en-us/articles/213464858-Configuring-XStream-Whitelist
support.sonatype.com/hc/en-us/articles/213465938-CVE-2014-0792-Nexus-Security-Advisory-xstream