CVE-2020-17479: The return of Validation Bypass (CVE-2019-19507) in `jpv`

In addition to regular vulnerability data research, the Sonatype Security Research Team also contributes to the open-source community by going the extra mile when we discover flaws that were previously not reported ...

Nexus Intelligence Insights:CVE-2020-13935 – Apache Tomcat Websocket – Denial of Service (DoS)

For July’s Nexus Intelligence Insight we take a deep dive into a Denial of Service (DoS) vulnerability impacting the popular Apache Tomcat Websocket component ...

New in Nexus Repository 3.23: Nexus Intelligence via npm audit

We are excited to announce the official release of Nexus Repository 3.23. In this release, we continue the story of our enhanced JavaScript support with the new Nexus Intelligence via npm audit ...

Nexus Platform – 2019 Year in Review

Wow, is 2019 over? The year has gone by quickly and it’s probably because we have been so busy at Sonatype, continuing to develop new features for the Nexus Platform. Identifying market ...

The Dot Zero Conundrum and the New Frontier of Securing Open Source

Over the past two years, I’ve spoken about more than instances of adversaries intentionally publishing malicious components into public open source and container repositories. Adversaries used these attacks to mine cryptocurrency, steal ...