Central Security Project - HackerOne Reports
View on HackerOne

Total Reports: 8
Critical: 5
High: 2
Medium: 1
Low: 0
Unsafe deserialization in Nexus Repository helm plugin
Reported by: c0d3p1ut0s | Disclosed:
Severity: Critical
Weakness: Deserialization of Untrusted Data
OS Command Injection in Nexus Repository Manager 2.x -- Bypass for Nexus Repository Manager 2.14.15-01 Command Injection fix
Reported by: wisolzzz | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic
c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration
Reported by: amassey | Disclosed:
Severity: Medium
Weakness: XML Entity Expansion
CVEs: CVE-2018-20433
OS Command Injection in Nexus Repository Manager 2.x (bypass CVE-2019-5475)
Reported by: badcode_ | Disclosed:
Severity: Critical
Weakness: Command Injection - Generic
CVEs: CVE-2019-5475
OS Command Injection in Nexus Repository Manager 2.x
Reported by: christianaugust | Disclosed:
Severity: Critical
Weakness: OS Command Injection
Pippo XML Entity Expansion (Billion Laughs Attack)
Reported by: amassey | Disclosed:
Severity: High
Weakness: XML Entity Expansion
Unrestricted File Upload Leading to Remote Code Execution
Reported by: hland | Disclosed:
Severity: Critical
Weakness: Business Logic Errors
Repositories of datanucleus are fetched over insecure protocol (http instead of https)
Reported by: keval_j | Disclosed:
Severity: High
Weakness: Man-in-the-Middle