Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about the recurrence of the nexus operating system command injection vulnerability CVE-2019-5475, which may not be well understood by many people. in order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

Introduction to 0x00

Nexus, whose full name is Nexus Repository Manager, is a product of Sonatype. It is a powerful warehouse manager that greatly simplifies the maintenance of internal warehouses and access to external warehouses. It is mainly used to build maven private servers within the company. But its function is not only to create a maven private warehouse, but also can be used as a private warehouse for nuget, docker, npm, bower, pypi, rubygems, git lfs, yum, go, apt and so on.

Overview of 0x01 vulnerabilities

Sonatype Nexus Repository Manager (NXRM) is a Maven warehouse manager of Sonatype Company in the United States. An operating system command injection vulnerability exists in Sonatype NXRM. An attacker can exploit this vulnerability to execute code.

0x02 affects version

Nexus Repository Manager OSS

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.