CVE-2018-16621
First published: Thu Nov 15 2018(Updated: )
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sonatype Nexus Repository Manager | <3.14.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-16621?
CVE-2018-16621 is a vulnerability in Sonatype Nexus Repository Manager that allows Java Expression Language Injection.
How severe is CVE-2018-16621?
CVE-2018-16621 has a severity rating of 7.2, which is considered high.
What software is affected by CVE-2018-16621?
Sonatype Nexus Repository Manager version up to and excluding 3.14.0 is affected by CVE-2018-16621.
How do I fix CVE-2018-16621?
To fix CVE-2018-16621, upgrade to Sonatype Nexus Repository Manager version 3.14.0 or above.
Where can I find more information about CVE-2018-16621?
You can find more information about CVE-2018-16621 in the following references: [GitHub Security Lab Advisory](https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype) and [Sonatype support article](https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018).
- collector/nvd-index
- agent/weakness
- vendor/sonatype
- canonical/sonatype nexus repository manager