Nexus Intelligence Insights: Sonatype-2020-0003 – npm malicious package 1337qq-js
Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all ...
Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure
For our last Nexus Intelligence Insight of 2019, we'll cover a component vulnerability discovered in a not-so-happy accident that appears far more dangerous than the researcher had previously hypothesized ...
Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist
For our October Nexus Intelligence Insight we will return to a very popular component that has been both a blessing and a curse to developers around the world. We’ll cover a fundamental change to a default setting and how that change in ‘type’ may impact the security of your next ...
Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure
Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While we're taking this growing issue more seriously than anyone else, we're also not taking our eye off the ...
Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream’s back, back again
Thought you cleaned up your malicious flatmap-stream code? Check again. You may have thought you'd read everything there was to read about flatmap-stream and, as a result, fixed the offending component once and for all. However, after a deeper inspection of embedded components potentially still in use, the Sonatype Data ...
Nexus Intelligence Insights: CVE-2019-13354: ‘strong_password’ embedded malicious code, RubyGems
We typically don’t follow one monthly Nexus Intelligence Insights post on the heels of another, but July’s vulnerability is time sensitive, so we didn’t want to delay getting the next edition out for everyone to read ...