CVE-2019-5475

HIGH8.8EPSS 79.6%

OS Command Injection in Nexus Yum Repository Plugin

Published: 9/11/2019Modified: 11/8/2023

Description

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Affected packages (1)

Maven/org.sonatype.nexus.plugins:nexus-yum-repository-pluginfrom 0, < 2.14.14

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-5475
WEBhttps://hackerone.com/reports/654888