Description
There is an OS Command Injection in Nexus Repository Manager <= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.
Remediation
References
Related Vulnerabilities
Jboss EAP Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2023-5379)
WebLogic CVE-2019-2648 Vulnerability (CVE-2019-2648)
math.js Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2017-1001002)
WordPress Plugin Plugin:Newsletter 'data' Parameter Information Disclosure (1.5)