GHSA-g5m7-57ph-j6p8

Suggest an improvement
Source
https://github.com/advisories/GHSA-g5m7-57ph-j6p8
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/09/GHSA-g5m7-57ph-j6p8/GHSA-g5m7-57ph-j6p8.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-g5m7-57ph-j6p8
Aliases
Published
2019-09-11T23:04:57Z
Modified
2023-11-08T04:01:36.650944Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
OS Command Injection in Nexus Yum Repository Plugin
Details

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

References

Affected packages

Maven / org.sonatype.nexus.plugins:nexus-yum-repository-plugin

Package

Name
org.sonatype.nexus.plugins:nexus-yum-repository-plugin
View open source insights on deps.dev
Purl
pkg:maven/org.sonatype.nexus.plugins/nexus-yum-repository-plugin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.14.14

Affected versions

2.*

2.7.0-m2
2.7.0-m3
2.7.0-m4
2.7.0-01
2.7.0-02
2.7.0-03
2.7.0-04
2.7.0-05
2.7.0-06
2.7.1-01
2.7.2-01
2.7.2-02
2.7.2-03
2.8.0-01
2.8.0-05
2.8.1-01
2.9.0-01
2.9.0-04
2.9.1-01
2.9.1-02
2.9.2-01
2.10.0-01
2.10.0-02
2.11.0-01
2.11.0-02
2.11.1-01
2.11.2-01
2.11.2-03
2.11.2-04
2.11.2-06
2.11.3-01
2.11.4-01
2.12.0-01
2.12.1-01
2.13.0-01
2.14.0-01
2.14.1-01
2.14.2-01
2.14.3-02
2.14.4-01
2.14.4-03
2.14.5-02
2.14.6-02
2.14.7-01
2.14.8-01
2.14.9-01
2.14.10-01
2.14.11-01
2.14.12-02
2.14.13-01