Description
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Remediation
References
https://hackerone.com/reports/654888