I use Sonatype Nexus Repository ManagerOSS 3.29.2-02. My company conducted a security scan,and find some security issues. The CVE number is CVE-2020-27223 and CVE-2020-27218
I want to know does these two vulnerabilities affect nexus ?
and which version fixes this vulnerability at present?
Thank you ~
Hello,
We are currently revamping how we communicate about security vulnerabilities. However, I’ve done some digging in our historical data. I can see that Sonatype Nexus Repository version 3.30.0 included an upgrade of Eclipse Jetty to 9.4.40.v20210413, which I believe should resolve both of those CVEs.