{"id":"CVE-2019-5475","details":"The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.","aliases":["GHSA-g5m7-57ph-j6p8"],"modified":"2026-05-30T15:46:12.040515Z","published":"2019-09-03T20:15:11.467Z","references":[{"type":"EVIDENCE","url":"https://hackerone.com/reports/654888"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sonatype/nexus-public","events":[{"introduced":"0"},{"last_affected":"2ba4210946b81167a8b02e9e8f132e054df190c3"}],"database_specific":{"extracted_events":[{"introduced":"2.0"},{"last_affected":"2.14.9-01"}],"source":"CPE_RANGE","cpe":"cpe:2.3:a:sonatype:nexus_repository_manager:*:*:*:*:*:*:*:*"}}],"versions":["release-2.14.9-01","release-2.14.5-02","release-2.14.4-03","release-2.14.4-02"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-5475.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}