GHSA-g5m7-57ph-j6p8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-g5m7-57ph-j6p8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/09/GHSA-g5m7-57ph-j6p8/GHSA-g5m7-57ph-j6p8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-g5m7-57ph-j6p8
- Aliases
- Published
- 2019-09-11T23:04:57Z
- Modified
- 2023-11-08T04:01:36.650944Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- OS Command Injection in Nexus Yum Repository Plugin
- Details
-
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
- Database specific
{ "nvd_published_at": "2019-09-03T20:15:00Z", "github_reviewed_at": "2019-09-04T14:40:16Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-78" ] }- References
Affected packages
Maven / org.sonatype.nexus.plugins:nexus-yum-repository-plugin
Package
- Name
- org.sonatype.nexus.plugins:nexus-yum-repository-plugin
- View open source insights on deps.dev
- Purl
- pkg:maven/org.sonatype.nexus.plugins/nexus-yum-repository-plugin
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.14.14
Affected versions
2.*
2.7.0-m2
2.7.0-m3
2.7.0-m4
2.7.0-01
2.7.0-02
2.7.0-03
2.7.0-04
2.7.0-05
2.7.0-06
2.7.1-01
2.7.2-01
2.7.2-02
2.7.2-03
2.8.0-01
2.8.0-05
2.8.1-01
2.9.0-01
2.9.0-04
2.9.1-01
2.9.1-02
2.9.2-01
2.10.0-01
2.10.0-02
2.11.0-01
2.11.0-02
2.11.1-01
2.11.2-01
2.11.2-03
2.11.2-04
2.11.2-06
2.11.3-01
2.11.4-01
2.12.0-01
2.12.1-01
2.13.0-01
2.14.0-01
2.14.1-01
2.14.2-01
2.14.3-02
2.14.4-01
2.14.4-03
2.14.5-02
2.14.6-02
2.14.7-01
2.14.8-01
2.14.9-01
2.14.10-01
2.14.11-01
2.14.12-02
2.14.13-01