Release date:
Updated on:
Affected Systems:
Sonatype Nexus <= 2.7.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 65043
CVE (CAN) ID: CVE-2014-0792
Sonatype Nexus is a component management solution used in software development.
Sonatype Nexus versions earlier than 2.7.1 allow remote attackers to create arbitrary objects and execute arbitrary code through the unmarshalling of unintended object types.
<* Source: vendor
Link: http://www.sonatype.org/advisories/archive/2014-01-13-Nexus
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Sonatype
--------
Sonatype has released a security bulletin (2014-01-13-Nexus) and corresponding patches to address this issue:
2014-01-13-Nexus: Sonatype Nexus Security Advisory
Link: http://www.sonatype.org/advisories/archive/2014-01-13-Nexus
The latest version of Nexus:
OSS: http://www.sonatype.org/nexus/go
Pro: https://support.sonatype.com/entries/20673111