Hi all,
Our security team tested the input validation on the ‘Search’ function in Nexus. It was observed that it was possible to input an extremely large string in the search field. The app does not limit the length of the input, no matter how large it is.
The concern is that increasing the length of the payload will cause the server to use up resources to process it, resulting in longer response time. This could result in a denial-of-service attack should the payload be long enough.
Can I check whether it is possible to limit the length of input in Nexus? Btw, we are using Sonatype Nexus Repository Manager OSS 3.38.
Thanks.