CVE-2019-16530 – org.sonatype.nexus:nexus-repository
Package
Manager: maven
Name: org.sonatype.nexus:nexus-repository
Vulnerable Version: >=2.0.0 <2.14.15 || >=3.0.0 <3.19.0
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.04026 (percentile: 0.8803)
Details
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, allow remote code execution.
Metadata
Created: 2022-05-24T16:59:30Z
Modified: 2022-06-27T21:31:46Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hmjv-px3j-933c/GHSA-hmjv-px3j-933c.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-hmjv-px3j-933c
Finding: F027
Auto approve: 1