CVE-2019-5475: OS Command Injection
First published: Tue Sep 03 2019(Updated: )
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sonatype Nexus Repository Manager | >=2.0<=2.14.9-01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-5475?
CVE-2019-5475 is a vulnerability in the Nexus Yum Repository Plugin in version 2 of Sonatype Nexus Repository Manager that allows remote code execution.
How severe is CVE-2019-5475?
CVE-2019-5475 has a severity rating of 8.8 out of 10, which is considered critical.
Which software is affected by CVE-2019-5475?
The Nexus Yum Repository Plugin in version 2 of Sonatype Nexus Repository Manager is affected by CVE-2019-5475.
How can I fix CVE-2019-5475?
To fix CVE-2019-5475, it is recommended to update Sonatype Nexus Repository Manager to a version that is not affected by the vulnerability.
Where can I find more information about CVE-2019-5475?
More information about CVE-2019-5475 can be found at the following link: https://hackerone.com/reports/654888
- collector/nvd-index
- agent/references
- agent/severity
- vendor/sonatype
- canonical/sonatype nexus repository manager
- version/sonatype nexus repository manager/2.0
- version/sonatype nexus repository manager/2.14.9-01