Blacklist approach JDB

Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

For our October Nexus Intelligence Insight we will return to a very popular component that has been both a blessing and a curse to developers around the world. We’ll cover a fundamental ...

Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While ...

Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream’s back, back again

Thought you cleaned up your malicious flatmap-stream code? Check again. You may have thought you'd read everything there was to read about flatmap-stream and as a result, fixed the offending component once ...

Nexus Intelligence Insights: CVE-2019-13354: ‘strong_password’ embedded malicious code, RubyGems

We typically don’t follow one monthly Nexus Intelligence Insights post on the heels of another, but July’s vulnerability is time sensitive so we didn’t want to delay getting the next edition out ...