CVE-2021-40143
HIGH
Sonatype Nexus Repository Manager 3 3.0.0-3.33.1-01 - HTTP Header Injection
Title source: llm
Description
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
References (2)
Core References
Not Applicable x_refsource_misc
https://issues.sonatype.org/secure/ReleaseNote.jspa
Patch, Vendor Advisory x_refsource_confirm
https://support.sonatype.com/hc/en-us/articles/4405941762579
Scores
CVSS v3
8.2
EPSS
0.0216
EPSS Percentile
79.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Details
CWE
CWE-74
Status
published
Products (2)
org.sonatype.nexus/nexus-repository
3.0.0 - 3.34.0-01
Maven
sonatype/nexus_repository_manager_3
3.0.0 - 3.34.0
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026