nexus-yum-repository-plugin is vulnerable to remote code execution. The vulnerability exists due to a bypass of the fix for CVE-2019-5475, whereby the getCleanCommand
function in CommandLineExecutor.java
allows arbitrary user-supplied data to be executed as code.
CPE | Name | Operator | Version |
---|---|---|---|
nexus-yum-repository-plugin | le | 01 |