← back
CVE-2020-10199

CVE-2020-10199

CVSS 8.8 HIGHEPSS 99.1%● KEVCWE-917
In short

Nexus Repository before version 3.21.2 has a vulnerability where attackers can inject malicious Java Expression Language (JavaEL) code, potentially executing arbitrary commands on the server.

Technical detail

This JavaEL injection vulnerability (CWE-917) in Nexus Repository < 3.21.2 allows unauthenticated or low-privileged attackers to inject arbitrary expressions that are evaluated server-side, leading to remote code execution. The vulnerability stems from insufficient input validation on user-supplied data processed through EL evaluation contexts.

Summary generated and translated by AI from the official description.
Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found10
githubgithub.com/zhzyker/CVE-2020-10199_POC-EXP43githubgithub.com/jas502n/CVE-2020-1019935githubgithub.com/aleenzz/CVE-2020-1019931githubgithub.com/magicming200/CVE-2020-10199_CVE-2020-1020425githubgithub.com/wsfengfan/CVE-2020-10199-1020419githubgithub.com/hugosg97/CVE-2020-10199-Nexus-3.21.010exploitdbwww.exploit-db.com/exploits/48343unverifiedcve_referencepacketstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.htmlunverifiedexploitdbwww.exploit-db.com/exploits/49385unverifiedcve_referencepacketstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/157261/Nexus-Repository-Manager-3.21.1-01-Remote-Code-Execution.htmlhttp://packetstormsecurity.com/files/160835/Sonatype-Nexus-3.21.1-Remote-Code-Execution.htmlhttps://cwe.mitre.org/data/definitions/917.htmlhttps://support.sonatype.com/hc/en-us/articles/360044882533https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-10199