Sonatype Delivers Premium Open Source Controls to GitHub | Press Release

blog-logo Sonatype Blog

Elisa Velarde

Elisa was a Senior Product Marketing Manager at Sonatype. She brought over 10 years of experience in sourcing, mentoring, and leading Marketing or full Agile product teams while maintaining a collaborative, cross-departmental approach to support company goals.

Nexus Intelligence Insights: Sonatype-2020-0003 - npm malicious package 1337qq-js

By Elisa Velarde on January 15, 2020 vulnerabilities
In this month's Nexus Intelligence Insights, we cover Sonatype-2020-0003: npm malicious package 1337qq-js. Here's why it made noise but had no impact.
Read More...

Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure

By Elisa Velarde on December 26, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2018-5382: Information exposure in the bouncycastle component
Read More...

Nexus Intelligence Insights: CVE-2018-16487 Lodash RCE + 'prototype' pollution

By Elisa Velarde on November 27, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2018-16487: remote code execution and 'prototype' pollution in Lodash and how to protect against a hack of this vulnerable vector.
Read More...

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

By Elisa Velarde on October 10, 2019 vulnerabilities
Our October Nexus Intelligence Insight takes a second look at a popular component that's both a blessing and a curse to developers - jackson-databind.
Read More...

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

By Elisa Velarde on September 27, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2019-15753: a MAC address aging vulnerability that opens up the potential for a DoS and information exposure attack.
Read More...

Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream's back, back again

By Elisa Velarde on August 20, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering Sonatype-2018-0413: a deeper dive into flatmap-stream and malicious code injection vectors in additional components
Read More...

Nexus Intelligence Insights: CVE-2019-13354: 'strong_password' embedded malicious code, RubyGems

By Elisa Velarde on July 10, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're covering CVE-2019-13354: strong_password, an embedded malicious code vulnerability in RubyGems.
Read More...

Nexus Intelligence Insights: CVE-2018-1109-Braces Regular expression Denial of Service (ReDoS) attack

By Elisa Velarde on June 28, 2019 vulnerabilities
In this month's Nexus Intelligence Insights, we're analyzing the mechanics of the braces regular expression denial of service attack - and what you can do to stop it.
Read More...

Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

By Elisa Velarde on May 31, 2019 vulnerabilities
We're demystifying the jackson-databind and block polymorphic deserialization (CVE-2018-14721), which is vulnerable to Remote Code Execution.
Read More...