Sonatype Unveils Full-Spectrum Software Supply Chain Management | Press Release

Update to CVE-2019-7238 in Nexus Repository Manager 3

April 12, 2021 By Brent Kostak

Today, an article was brought to our attention that suggests a new attack tactic was targeting an old vulnerability in Nexus Repository Manager 3 (NXRM) - CVE-2019-7238. 

When the vulnerability was flagged to us in December 2018, we responded immediately, fixed the identified vulnerability and removed the threat. At the time, we also subsequently took numerous steps across multiple distribution channels to reach all Nexus Repository customers and users to ensure that they were aware of the issue and provide proper support.

While a majority of our users have updated several times since the vulnerability fix was released, with this new spotlight, we wanted to again emphasize the importance of upgrading to the latest version of Nexus Repository.

Resources:

If you run into any problems, or have any questions/concerns, please contact us by filing a ticket at https://support.sonatype.com.

Tags: Nexus Repository, Nexus Repository 3, Product

Written by Brent Kostak

Brent is the Product Marketing Manager connecting developers and DevOps communities to Sonatype Nexus tools and technologies