Sonatype Blog

Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

By Elisa Velarde on April 26, 2019 vulnerability
In this month's Nexus Intelligence Insights we discuss a very popular component used by developers worldwide. Say hello to CVE-2019-0232, a remote code execution vulnerability.

3 steps to deal with the aftermath of the hijacked eslint-scope package

By Ilkka Turunen on July 13, 2018 npm
Yesterday at noon BST a new GitHub issue was opened in the popular eslint repository on GitHub. Someone had hijacked this package, which stole users' credentials. Here's how to react to the

Crypto-Mining Crime Rings: The Newest Reason Why Software Supply Chain Hygiene Matters

There are many reasons why organizations should protect their software supply chains. Crypto-mining crime rings are just the latest.

Remote code execution vulnerability (CVE-2017-8046) in Pivotal's Spring Framework

By Derek Weeks on March 05, 2018 Apache Struts2
A remote code execution vulnerability (CVE-2017-8046) in Pivotal's very popular Spring Framework was disclosed last week, although the original vulnerability dates back 7 months to late 2017.