What is CVE-2019-5475?

CVE-2019-5475 is a vulnerability in Nexus Repository Manager, classified under OS Command Injection. Published 2019-09-03.

Is CVE-2019-5475 known to be exploited?

21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Nexus Repository Manager

CVE-2019-5475

The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.796 (99.1th percentile) — read the EPSS interpretation.

Affected products

N/a Nexus Repository Manager — versions 2.14.9-01

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

jaychouzzk/CVE-2019-5475-Nexus-Repository-Manager-
EXP-Docs/CVE-2019-5475
rabbitmask/CVE-2019-5475-EXP
ARPSyndicate/cvemon
CLincat/vulcat
EXP-Docs/CVE-2019-15588
HimmelAward/Goby_
NyxAzrael/Goby_
SexyBeast233/SecBooks
TesterCC/exp_

References

hackerone.com/reports/654888 (x_refsource_MISC)

Frequently asked questions

What is CVE-2019-5475?: CVE-2019-5475 is a vulnerability in Nexus Repository Manager, classified under OS Command Injection. Published 2019-09-03.
Is CVE-2019-5475 known to be exploited?: 21 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.