Sonatype offers premium open source control features dedicated to GitHub | Press Release

Nexus Intelligence Insights


Deep dive into Sonatype Security Research

See incredible research performed (24x7x365) by our team.  Learn how open source exploits work.  Get expert guidance on how to remediate risk.


Nexus Intelligence Insights: CVE-2019-3773 Spring Web Services XML External Entity Injection (XXE)

Spring, a widely used component, makes programming multiple things in Java easier, faster, and safer. The project’s focus on speed, simplicity, and productivity has made it one of the world's most


Nexus Intelligence Insights: What's in a Ghostcat? CVE-2020-1938 Apache Tomcat - Local File Inclusion Potentially Leads to RCE

For this month’s Nexus Intelligence Insights, let’s dive deep into the popular Ghostcat vulnerability making headlines recently.

This vulnerability deserves attention as it impacts the widely used


Nexus Intelligence Insights: Sonatype-2020-0003 - npm malicious package 1337qq-js

Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all. 


Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure

For our last Nexus Intelligence Insight of 2019, we'll cover a component vulnerability discovered in a not-so-happy accident that appears far more dangerous than the researcher had previously


Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

For our October Nexus Intelligence Insight we will return to a very popular component that has been both a blessing and a curse to developers around the world. We’ll cover a fundamental change to


Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While we're taking


Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream's back, back again

 

Thought you cleaned up your malicious flatmap-stream code? Check again.

You may have thought you'd read everything there was to read about flatmap-stream and as a result, fixed the offending


Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

It’s been a busy month here at Sonatype as the tide of vulnerable components continues to rise. Our Data Research team has been investigating a large volume of components and working hard to keep


Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

In this month’s edition of Nexus Intelligence Insights we’ll explore a vulnerability that can be exploited through a variety of vectors including through a confusing patch release, which if not
