First published: Thu Nov 15 2018
Sonatype Nexus Repository Manager before 3.14 allows Java Expression Language Injection.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Sonatype Nexus Repository Manager | <3.14.0 | Upgrade to 3.14.0 or above |
CVE-2018-16621 is a vulnerability in Sonatype Nexus Repository Manager that allows Java Expression Language Injection.
CVE-2018-16621 has a severity rating of 7.2, which is considered high.
Sonatype Nexus Repository Manager versions up to, but excluding, 3.14.0 are affected by CVE-2018-16621.
To fix CVE-2018-16621, upgrade to Sonatype Nexus Repository Manager version 3.14.0 or above.
You can find more information about CVE-2018-16621 in the following references: [GitHub Security Lab Advisory](https://securitylab.github.com/advisories/GHSL-2020-015-nxrm-sonatype) and [Sonatype support article](https://support.sonatype.com/hc/en-us/articles/360010789153-CVE-2018-16621-Nexus-Repository-Manager-Java-Injection-October-17-2018).