In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/01 Report--
What is the vulnerability of Nexus Repository Manager code execution? aiming at this problem, this article introduces the corresponding analysis and answer in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible way.
0x00 vulnerability background
On April 02, 2020, 360CERT Monitoring found that Sonatype Security Team officially released a notice of a remote code execution vulnerability in Nexus Repository Manager 3.x. In the case of authentication, an attacker can cause remote code execution through JavaEL expression injection.
Nexus Repository is an open source warehouse management system, which provides richer functions on the basis of simple installation, configuration and use.
0x01 risk rating
360CERT assesses the vulnerability
Evaluation method, threat level, high risk impact area is general.
360CERT recommends that users update the Nexus Repository Manager version in a timely manner. Do a good job of asset self-check / self-test / prevention to avoid attack.
0x02 affects version
Nexus Repository Manager OSS/Pro:
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.