CVE-2014-0792
Sonatype Nexus 1.x-2.x - Remote Code Execution via Unintended Object Unmarshalling
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
References (3)
Core References
Patch, Vendor Advisory (x_refsource_confirm): http://www.sonatype.org/advisories/archive/2014-01-13-Nexus
Patch, Vendor Advisory (x_refsource_confirm): https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability
Various Sources (x_refsource_confirm): https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist
Scores
EPSS: 0.0281
EPSS Percentile: 84.7%
Details
CWE: CWE-94
Status: published
Products (21)
sonatype/nexus 1.0
sonatype/nexus 2.0
sonatype/nexus 2.0.1
sonatype/nexus 2.0.2
sonatype/nexus 2.0.3
sonatype/nexus 2.0.4 (2 CPE variants)
sonatype/nexus 2.0.5
sonatype/nexus 2.0.6
sonatype/nexus 2.1
sonatype/nexus 2.1.1
... and 11 more
Published: Jan 17, 2014
Tracked Since: Feb 18, 2026