{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-01-14T00:00:00", "descriptions": [{"lang": "en", "value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-17T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-0792", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus", "refsource": "CONFIRM", "url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"}, {"name": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability", "refsource": "CONFIRM", "url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"}, {"name": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist", "refsource": "CONFIRM", "url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T09:27:19.620Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-0792", "datePublished": "2014-01-17T16:00:00", "dateReserved": "2014-01-03T00:00:00", "dateUpdated": "2024-08-06T09:27:19.620Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sonatype:nexus:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D91A8DD-C3B2-4258-9A83-F85FD9CA5AEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "AC255313-6743-4318-9400-533551A97904", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "0DFA8904-FD47-4CF0-9D8A-6E4E8D5147D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "15C5954F-7899-499F-ACA1-C34365CEDEC1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "7DB5988E-B354-4F8D-91AC-39161995269B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "468BCA4D-FBFF-4ECF-B925-6C4BECE509E5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.4:1:*:*:*:*:*:*", "matchCriteriaId": "9204166D-4460-408D-B1D8-DEC0DA19DA5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "EC3B79A2-55D4-44C2-982B-08C23AD64710", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F5A1C46A-7C6B-430F-945D-968ABBCE1348", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "8947E3F8-89CC-4919-8116-605D98FA8B80", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5FF73EAB-D7D9-4C9F-9BBF-459FA70D6C62", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1FE7B4CF-0FA2-42A4-86A2-D2A101358994", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A83DA027-AE5D-4A19-BACE-FACD9859D4AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "D92A3FC0-2D84-48CC-BC1D-3EDE7B08F097", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D007ADA9-CAA6-47E8-B135-E95E9FEC6D5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "55F954B1-D301-401A-B6D4-12F10DE9CF36", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "C21354A4-A877-4B84-B3BB-EE8EBC581DDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "FD592E54-D5D4-4CA3-A90A-5966049E501F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "97DFC1CB-9855-4025-B956-5471DF55151A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "BC6D39F4-2E88-4309-9A89-252950486EB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "4FFC19B9-F63C-4982-A0AC-29A2558B9F38", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "B0AC1A75-E88B-4EC5-88A5-01257C65BBF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:04:*:*:*:*:*:*", "matchCriteriaId": "9DC31CAA-CC78-419B-B59F-4E7B756E8B5F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:05:*:*:*:*:*:*", "matchCriteriaId": "4494C42B-3ABE-4743-83F4-FF8DDCEB7A3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sonatype:nexus:2.7.0:06:*:*:*:*:*:*", "matchCriteriaId": "7975DE00-DFFD-4DF0-B971-FF5CE97C72B7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types."}, {"lang": "es", "value": "Sonatype Nexus 1.x y 2.x anteriores a 2.7.1 permite a atacantes remotos crear objetos de forma arbitraria y ejecutar c\u00f3digo a trav\u00e9s de vectores no especificados relacionados con la resoluci\u00f3n de referencias de tipo de Objeto a los que no se deber\u00eda"}], "id": "CVE-2014-0792", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-01-17T20:55:04.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"}, {"source": "cve@mitre.org", "url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.sonatype.org/advisories/archive/2014-01-13-Nexus"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://sonatype.zendesk.com/entries/37551958-Configuring-Xstream-Whitelist"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://support.sonatype.com/entries/37828023-Nexus-Security-Vulnerability"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}