CVE-2024-5082
Nov. 21, 2024, 5:15 p.m.
Tags
Product(s) Impacted
Sonatype Nexus Repository
- up to 2.15.1
Description
A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1.
Weaknesses
CWE-94
Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE ID: 94Date
Published: Nov. 14, 2024, 3:15 a.m.
Last Modified: Nov. 21, 2024, 5:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
103e4ec9-0a87-450b-af77-479448ddef11
References
https://support.sonatype.com/
103e4ec9-0a87-450b-af77-479448ddef11