First published: Fri Nov 01 2019
Nexus Repository Manager <= 2.14.14 contains an OS command injection vulnerability (a bypass of CVE-2019-5475) that could allow an attacker to achieve remote code execution (RCE). All instances that pass user-supplied data to CommandLineExecutor.java are vulnerable, such as the Yum Configuration Capability.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Sonatype Nexus Repository Manager | <=2.14.14 | |