Description
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
Remediation
References
Related Vulnerabilities
SharePoint CVE-2022-30172 Vulnerability (CVE-2022-30172)
WordPress Plugin Enable Media Replace Arbitrary File Upload (4.0.1)
WebLogic CVE-2018-3252 Vulnerability (CVE-2018-3252)
WordPress Plugin Custom css-js-php Unspecified Vulnerability (2.0.2)
Jenkins Uncontrolled Resource Consumption Vulnerability (CVE-2021-28165)