Sonatype Blog

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

By Elisa Velarde on October 10, 2019 | vulnerabilities
Our October Nexus Intelligence Insight takes a second look at a popular component that's both a blessing and a curse to developers - jackson-databind.

Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

By Elisa Velarde on May 31, 2019 | vulnerabilities
We're demystifying jackson-databind and block polymorphic deserialization (CVE-2018-14721), which is vulnerable to Remote Code Execution.

A Struts2 Vulnerability Hurricane: Deserialization

By Derek Weeks on September 06, 2017 | Struts
Attackers are widely exploiting a new vulnerability in Apache Struts2 that allows them to remotely execute malicious code on web servers.