{"id":"CVE-2019-15588","details":"There is an OS Command Injection in Nexus Repository Manager \u003c= 2.14.14 (bypass CVE-2019-5475) that could allow an attacker a Remote Code Execution (RCE). All instances using CommandLineExecutor.java with user-supplied data is vulnerable, such as the Yum Configuration Capability.","modified":"2026-04-11T21:07:45.496318Z","published":"2019-11-01T15:15:11.243Z","references":[{"type":"ADVISORY","url":"https://support.sonatype.com/hc/en-us/articles/360033490774-CVE-2019-5475-Nexus-Repository-Manager-2-OS-Command-Injection-2019-08-09"},{"type":"FIX","url":"https://hackerone.com/reports/688270"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sonatype/nexus-public","events":[{"introduced":"0"},{"last_affected":"7b9939e71693422d3e09adc3744fa2e9b3a62a63"}],"database_specific":{"cpe":"cpe:2.3:a:sonatype:nexus_repository_manager:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"last_affected":"2.14.14"}],"source":"CPE_FIELD"}}],"versions":["release-2.14.10-01","release-2.14.11-01","release-2.14.12-02","release-2.14.13-01","release-2.14.14-01","release-2.14.4-02","release-2.14.4-03","release-2.14.5-02","release-2.14.9-01"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-15588.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}]}