Description
Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.
Remediation
References
https://issues.sonatype.org/secure/ReleaseNote.jspa
https://support.sonatype.com/hc/en-us/articles/360036132453
Related Vulnerabilities
CVE-2023-43642 Vulnerability in maven package org.xerial.snappy:snappy-java
CVE-2023-42794 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2023-27602 Vulnerability in maven package org.apache.linkis:linkis-storage-script-dev-server
CVE-2023-36478 Vulnerability in maven package org.eclipse.jetty.http3:http3-qpack
CVE-2022-25845 Vulnerability in maven package com.alibaba:fastjson