CVE-2021-40143
8.2 HIGH
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection
Published: 2021-09-07 · Last updated: 2026-06-17
Severity and scoring
- CVSS: 8.2 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
- CWE: CWE-74
Affected products
| Vendor | Product |
|---|---|
| sonatype | nexus_repository_manager_3 |
Description
Sonatype Nexus Repository 3.x through 3.33.1-01 is vulnerable to an HTTP header injection. By sending a crafted HTTP request, a remote attacker may disclose sensitive information or request external resources from a vulnerable instance.
Source: NVD
References
- [NVD] https://nvd.nist.gov/vuln/detail/CVE-2021-40143
- [Other] https://issues.sonatype.org/secure/ReleaseNote.jspa
- [Patch] https://support.sonatype.com/hc/en-us/articles/4405941762579
Related CVEs
Same vendor
- CVE-2021-42568 — Sonatype Nexus Repository Manager 3.x through 3.35.0 allows attackers to access the SSL Certificates Loading function via a low-privilege... (4.3 MEDIUM)
Same CWE
- CVE-2026-12223 — A vulnerability was identified in Yealink SIP-T46U 108.86.0.118 (5.5 MEDIUM)
- CVE-2026-12219 — A flaw has been found in Yealink SIP-T46U 108.86.0.118 (6.3 MEDIUM)
- CVE-2026-12206 — A vulnerability was identified in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)
- CVE-2026-12197 — A security flaw has been discovered in Ruijie EG105G-P 2.340 (7.2 HIGH)
- CVE-2026-12188 — A vulnerability was detected in Grit42 Grit up to 0.11.0 (6.3 MEDIUM)