Description
The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Remediation
References
https://hackerone.com/reports/654888