Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
OS Command Injection in Nexus Yum Repository Plugin
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Permalink: https://github.com/advisories/GHSA-g5m7-57ph-j6p8
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1bTctNTdwaC1qNnA4
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: about 5 years ago
Updated: almost 2 years ago
CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Percentage: 0.00755
EPSS Percentile: 0.81502
Identifiers: GHSA-g5m7-57ph-j6p8, CVE-2019-5475
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-5475
- https://hackerone.com/reports/654888
- https://github.com/advisories/GHSA-g5m7-57ph-j6p8
Affected Packages
maven:org.sonatype.nexus.plugins:nexus-yum-repository-plugin
Dependent packages: 2
Dependent repositories: 2
Downloads:
Affected Version Ranges: < 2.14.14
Fixed in: 2.14.14
All affected versions:
All unaffected versions: