CVE-2023-4863 - open-source libwebp library

Sonatype Nexus Repository Manager OSS 3.41.1-01

Just looking for info on whether Sonatype / Nexus Repository is affected by the last vulnerability discovered in the open-source libwebp library.

Thanks in advance

Juan

Hello @jmlp1. We don’t disclose the specific exploitability of potential vulnerabilities in Sonatype Nexus Repository; we treat all vulnerabilities in our open source dependencies as potentially exploitable, and we schedule them all for removal or upgrade to a non-vulnerable version.

3.41.1 is more than a year old at this point; we would normally recommend you upgrade to a much more recent version. Versions this old are at risk of being significantly out of date in terms of security updates.