Nexus Repository Manager <= 2.14.14 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability
Nexus Repository Manager <= 2.14.14 contains an OS Command Injection vulnerability that could allow an attacker to achieve Remote Code Execution (RCE).
The information has been provided by Christian August Holm Hansen.
The original article can be found at: https://support.sonatype.com/hc/en-us/articles/360033490774-CVE-2019-5475-Nexus-Repository-Manager-2-OS-Command-Injection-2019-08-09
All instances that use CommandLineExecutor.java with user-supplied data are vulnerable, such as the Yum Configuration Capability.
Nexus Repository Manager <= 2.14.14
Published Date: 11/01/2019