Featured Article

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

By Ax Sharma on April 16, 2024 vulnerabilities

The Sonatype Security Research team has identified over 15,000 npm packages that flood npm registry in a new trend where devs involved in the blockchain and cryptocurrency communities are leveraging

Read More

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

By Elisa Velarde on October 10, 2019 vulnerabilities

4 minute read time

Our October Nexus Intelligence Insight takes a second look at a popular component that's both a blessing and a curse to developers - jackson-databind.

Read More...

Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

By Elisa Velarde on May 31, 2019 vulnerabilities

4 minute read time

We're demystifying the jackson-databind and block polymorphic deserialization (CVE-2018-14721), which is vulnerable to Remote Code Execution.

Read More...

Devs flood npm with 15,000 packages to reward themselves with Tea 'tokens'

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

Secure your software supply chain

Subscribe for all the latest software security news and events