Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
References
| Link | Resource |
|---|---|
| https://issues.sonatype.org/secure/ReleaseNote.jspa | Not Applicable |
| https://support.sonatype.com/hc/en-us/articles/4405941762579 | Patch Vendor Advisory |
| https://issues.sonatype.org/secure/ReleaseNote.jspa | Not Applicable |
| https://support.sonatype.com/hc/en-us/articles/4405941762579 | Patch Vendor Advisory |
Configurations
History
21 Nov 2024, 06:23
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://issues.sonatype.org/secure/ReleaseNote.jspa - Not Applicable | |
| References | () https://support.sonatype.com/hc/en-us/articles/4405941762579 - Patch, Vendor Advisory |
Information
Published : 2021-09-07 20:15
Updated : 2024-11-21 06:23
NVD link : CVE-2021-40143
Mitre link : CVE-2021-40143
CVE.ORG link : CVE-2021-40143
JSON object : View
Products Affected
sonatype
- nexus_repository_manager_3
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')