Central-security-project


reports in last 90 days

2 disclosed resolved issues

1 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
|---|---|---|---|---|---|
| Critical | OS Command Injection in Nexus Repository Manager 2.x | OS Command Injection | cbagdude | Time to triage: 1 Days and 3 hours; Time to close: 18 Days and 21 hours | Resolved |
| Medium | c3p0 may be exploited by a Billion Laughs Attack when loading XML configuration | XML Entity Expansion | amassey | Time to triage: 0 Days and 2 hours; Time to close: 34 Days and 1 hours | Resolved |
| High | Pippo XML Entity Expansion (Billion Laughs Attack) | XML Entity Expansion | amassey | Time to triage: 0 Days and 0 hours; Time to close: 93 Days and 22 hours | Informative |