Skip Navigation

CVE-2019-7238 in Nexus Repository Manager 3

March 14, 2019 By Mike Hansen

1 minute read time

In late December of 2018, researchers Rico from Tencent Security Yunding Lab and Voidfyoo from Chaitin Tech responsibly disclosed a critical vulnerability in Nexus Repository Manager 3 (NXRM) - CVE-2019-7238.

We responded immediately, and on February 5 we released NXRM 3.15 which fixed the identified vulnerability and removed the threat. We subsequently took numerous steps across multiple distribution channels to reach all Nexus Repository customers and users to ensure that they were aware of the issue and provide proper support.

Today, we noticed chatter in the community in response to this article.

The purpose of this post is to again emphasize the importance of upgrading to the latest version of Nexus Repository.


If you run into any problems, or have any questions/concerns, please contact us by filing a ticket at

Tags: Nexus Repository, Nexus Repository 3, Product

Written by Mike Hansen

Mike is the Head of Engineering and Product Development for Sonatype. He works relentlessly to surround himself with a diverse team of experts, making sure they know where to go and that they have what they need to get there.