CVE-2019-16530: Unrestricted Upload of File with Dangerous Type

May 24, 2022 (updated June 27, 2022)

Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x before 3.19, and IQ Server before 72, has remote code execution.

References

github.com/advisories/GHSA-hmjv-px3j-933c
issues.sonatype.org/secure/ReleaseNote.jspa
nvd.nist.gov/vuln/detail/CVE-2019-16530
support.sonatype.com/hc/en-us/articles/360036132453

Code Behaviors & Features

Detect and mitigate CVE-2019-16530 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →