PRP: Request Nexus Repository 3 Arbitrary File Read (CVE-2024-4956) #498
Assignees
Labels
Contributor queue
When a contributor has already one issue/PR in review, we put the following ones on hold with this.
Comments
tooryx
added
the
Contributor queue
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi there.
I would like to start implementing a plugin to detect Nexus Repository 3 Arbitrary File Read (CVE-2024-4956). This vulnerability was published on May 2024. I believe AI software may also use this.
References:
https://nvd.nist.gov/vuln/detail/CVE-2024-4956
Description:
Sonatype Nexus Repository Manager is an open-source repository management system developed by Sonatype. It is designed to organize, store, and distribute software components, binaries, and build artifacts across an organization's software development lifecycle. Nexus supports a wide variety of repository formats, including Maven, npm, NuGet, Docker, and more, making it a versatile tool for managing dependencies in various programming languages and environments.
Affected Versions:
Sonatype Nexus Repository < 3.68.1
Thanks.
The text was updated successfully, but these errors were encountered: