
Lessons from the analysis of 36,000 OSS projects | Press release

Nexus Intelligence Insights


Deep dive into Sonatype Security Research

See incredible research performed (24x7x365) by our team. Learn how open source exploits work. Get expert guidance on how to remediate risk.


Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

It’s been a busy month here at Sonatype as the tide of vulnerable components continues to rise. Our Data Research team has been investigating a large volume of components and working hard to keep

Read more

Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

In this month’s edition of Nexus Intelligence Insights we’ll explore a vulnerability that can be exploited through a variety of vectors including through a confusing patch release, which if not

Read more

Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

SQL injection hacks are nothing new. In fact, with the ever-growing boldness of bad actors and the proliferation of automated tools designed to ferret out components that lend themselves to this

Read more

Nexus Intelligence Insights: CVE-2014-3603 — Lack of Hostname Verification in OpenSAML

This month, we will be covering a component that is a little older, but probably to the surprise of many, very widely used across a variety of ecosystems. Considering the type of vulnerability the

Read more

Nexus Intelligence Insights - CVE-2017-5662 - Cross-Site Scripting (XSS)

Happy New Year!

To kick off 2019 we will be covering a vulnerability that is complex in context. All developers are aware of the varieties of privilege escalation and Cross-Site Scripting (XSS)

Read more

Open Source Software Is Under Attack; New Event-Stream Hack Is Latest Proof

Earlier this year, I detailed a new battlefront for open source software based on the fact that bad actors are increasingly polluting public wells like npm which millions of thirsty developers

Read more

Nexus Intelligence Insights - CVE-2018-10237 - Guava Vulnerability

Welcome back to Nexus Intelligence Insights.

This month, we’re covering a vulnerability type that, until recently, has flown a bit under the radar: deserialization of untrusted data.

Our featured

Read more

Introducing Nexus Intelligence Insights

Open Source vulnerabilities are an unfortunate fact of life. Vulnerable Open Source component downloads are up 12% over last year, and breaches involving OSS are up 55% year over year, according

Read more