News and Notes from the Makers of Nexus | Sonatype Blog

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

By Ilkka Turunen on April 01, 2024 Software Supply Chain

Learn about a new, targeted backdoor supply chain attack against the popular XZ compression utility seen in many Linux distributions such as fedora and debian. Understand it's impact, potential risks

3 minute read time

This Nexus Intelligence Insight covers CVE-2019-3773: cross site scripting vulnerabilities in Spring Web Services XML External Entity Injection (XXE).

CVE-2024-3094 The targeted backdoor supply chain attack against XZ and liblzma

Nexus Intelligence Insights: CVE-2019-3773 Spring Web Services XML External Entity Injection (XXE)

Secure your software supply chain

Subscribe for all the latest software security news and events