Description

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Remediation

References

https://hackerone.com/reports/654888

Related Vulnerabilities

CVE-2020-28496 Vulnerability in npm package three

CVE-2020-14966 Vulnerability in maven package org.webjars.npm:jsrsasign

CVE-2020-36618 Vulnerability in npm package whois

CVE-2019-14862 Vulnerability in maven package org.webjars.bower:knockout

CVE-2021-21290 Vulnerability in maven package io.netty:netty-common

Severity

Critical

Classification

CWE-78 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Third Party Advisory