Sonatype Nexus < 2.7.1 'XStream' Object Remote Code Execution Vulnerability

Medium

Synopsis

The remote server contains a vulnerability that can be exploited for remote code execution.

Description

Versions of Sonatype Nexus earlier than 2.7.1 are prone to a remote code execution vulnerability because the application deserialises user-controlled XML data using the XStream library. Specifically, this issue affects the 'XStream' object of the application.

Solution

The vendor has provided updates; upgrade to 2.7.1 or later.
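
The Description attributes the issue to XStream deserialising user-controlled XML. The following added example (not Sonatype's code and not the vendor's fix) shows the general defensive pattern for XStream: deny all types, then allow only the classes an endpoint expects. The `RepoRequest` class and the XML strings are hypothetical and constructed for illustration; the code assumes XStream 1.4.7 or later on the classpath.

```java
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.XStreamException;
import com.thoughtworks.xstream.io.xml.DomDriver;
import com.thoughtworks.xstream.security.NoTypePermission;

public class XStreamAllowlistExample {

    // Hypothetical DTO standing in for the one type an endpoint expects.
    public static class RepoRequest {
        String id;
        String name;
    }

    // Build an XStream instance that refuses every type not explicitly allowed.
    static XStream hardened() {
        XStream xs = new XStream(new DomDriver());
        xs.addPermission(NoTypePermission.NONE);            // clear defaults, deny all
        xs.allowTypes(new Class[] { RepoRequest.class, String.class });
        xs.alias("repoRequest", RepoRequest.class);
        return xs;
    }

    // Returns the parsed request, or null when the XML names a disallowed type.
    static RepoRequest parse(XStream xs, String xml) {
        try {
            return (RepoRequest) xs.fromXML(xml);
        } catch (XStreamException e) {
            // A type outside the allowlist is expected to surface as
            // ForbiddenClassException, a subclass of XStreamException.
            System.out.println("rejected: " + e.getClass().getSimpleName());
            return null;
        }
    }

    public static void main(String[] args) {
        XStream xs = hardened();

        // Constructed sample: the document shape the endpoint expects.
        String expected =
            "<repoRequest><id>r1</id><name>releases</name></repoRequest>";
        // Constructed sample: the root element names a type the endpoint never
        // asked for (a harmless class, used only to show the rejection).
        String unexpected = "<java.io.File>report.txt</java.io.File>";

        RepoRequest ok = parse(xs, expected);
        System.out.println("accepted: " + (ok != null ? ok.name : "none"));
        System.out.println("unexpected type parsed: " + (parse(xs, unexpected) != null));
    }
}
```

An XStream instance constructed without any such type restriction, in releases that predate XStream's default allowlist, resolves whatever class the incoming XML names, which is the condition the Description refers to.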