CVE-2014-0792

Sonatype Nexus 1.x-2.x - Remote Code Execution via Unintended Object Unmarshalling

Title source: llm
STIX 2.1

Description

Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.

References (3)

Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.sonatype.org/advisories/archive/2014-01-13-Nexus

Scores

EPSS 0.0281
EPSS Percentile 84.7%

Details

CWE
CWE-94
Status published
Products (21)
sonatype/nexus 1.0
sonatype/nexus 2.0
sonatype/nexus 2.0.1
sonatype/nexus 2.0.2
sonatype/nexus 2.0.3
sonatype/nexus 2.0.4 (2 CPE variants)
sonatype/nexus 2.0.5
sonatype/nexus 2.0.6
sonatype/nexus 2.1
sonatype/nexus 2.1.1
... and 11 more
Published Jan 17, 2014
Tracked Since Feb 18, 2026