漏洞描述
nexus 官方在修复CVE-2018-16621的时候采用的方法是将"${"替换为"{",过滤不严格导致EL表达式注入。攻击者可执行任意命令
nexus /service/rest/beta/repositories/go/group el表达式注入后台命令执行(CVE-2020-10199)
PoC代码
暂无相关漏洞推荐
- POC nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
- POC CVE-2009-4679: Joomla! Portfolio Nexus - Remote File Inclusion
- POC CVE-2019-7238: Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution
- POC CVE-2020-10199: Sonatype Nexus Repository Manager 3 - Remote Code Execution
- POC CVE-2020-24571: NexusDB <4.50.23 - Local File Inclusion
- POC CVE-2022-46888: NexusPHP <1.7.33 - Cross-Site Scripting
- POC CVE-2024-4956: Sonatype Nexus Repository Manager 3 - Local File Inclusion
- POC CVE-2024-5082: Nexus Repository 2 - Remote Code Execution
- POC CVE-2019-7238: NEXUS < 3.14.0 Remote Code Execution
- POC CVE-2020-10199: Nexus Repository before 3.21.2 allows JavaEL Injection
- POC CVE-2020-10204: Nexus Repository before 3.21.2 Remote Code Execution
- POC CVE-2020-24571: NexusDB v4.50.22 Path Traversal
- POC CVE-2024-4956: Nexus Repository Manager 文件读取漏洞