Sonatype Nexus < 2.7.1 'XStream' Object Remote Code Execution Vulnerability

Medium

Synopsis

The remote server contains a vulnerability that can be exploited for remote code execution.

Description

Versions of Sonatype Nexus earlier than 2.7.1 are prone to a remote code execution vulnerability because the application deserialises user-controlled XML data using the XStream library. Specifically, this issue affects the 'XStream' object of the application.

Solution

The vendor has provided updates; upgrade to 2.7.1 or later.