Nexus Repository Manager <= 2.14.14 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability


Nexus Repository Manager <= 2.14.14 contains an OS command injection vulnerability that could allow an attacker to achieve Remote Code Execution (RCE).























The information has been provided by Christian August Holm Hansen

The original article can be found at:


All instances using with user-supplied data are vulnerable, such as the Yum Configuration Capability.


Vulnerable Systems:

Nexus Repository Manager <= 2.14.14 


CVE Information:



Disclosure Timeline:
Published Date: 11/01/2019