
Nexus Intelligence Insights


Deep dive into Sonatype Security Research

See incredible research performed (24x7x365) by our team. Learn how open source exploits work. Get expert guidance on how to remediate risk.

Nexus Intelligence Insights: Sonatype-2020-0003 - npm malicious package 1337qq-js

Happy New Year! Nexus Intelligence Insights is back with an open source component vulnerability that turns out to be not so bad after all. 


Nexus Intelligence Insights: CVE-2018-5382 Bouncycastle Information Exposure

For our last Nexus Intelligence Insight of 2019, we'll cover a component vulnerability discovered in a not-so-happy accident that appears far more dangerous than the researcher had previously


Nexus Intelligence Insights Sonatype-2017-0312: jackson-databind, The End of the Blacklist

For our October Nexus Intelligence Insight we will return to a very popular component that has been both a blessing and a curse to developers around the world. We’ll cover a fundamental change to


Nexus Intelligence Insights CVE-2019-15753: OpenStack (os-vif), Denial of Service & Information Exposure

Our news feeds are filled with reports of malicious attacks on open source code at the project source, most of which are bad actors leveraging code bases for their own gain. While we're taking


Nexus Intelligence Insights: Sonatype-2018-0413, flatmap-stream's back, back again

Thought you cleaned up your malicious flatmap-stream code? Check again.

You may have thought you'd read everything there was to read about flatmap-stream and as a result, fixed the offending


Nexus Intelligence Insights - CVE-2018-14721 - jackson-databind remote code execution

It’s been a busy month here at Sonatype as the tide of vulnerable components continues to rise. Our Data Research team has been investigating a large volume of components and working hard to keep


Nexus Intelligence Insights: CVE-2019-0232 - Apache Tomcat CGI Servlet Remote Code Execution

In this month’s edition of Nexus Intelligence Insights we’ll explore a vulnerability that can be exploited through a variety of vectors including through a confusing patch release, which if not


Nexus Intelligence Insights: CVE-2014-3483 - SQL Injection in PostgreSQL adapter for Active Record against 'range' data type

SQL injection hacks are nothing new. In fact, with the ever growing boldness of bad actors and the proliferation of automated tools designed to ferret out components that lend themselves to this


Nexus Intelligence Insights: CVE-2014-3603 — Lack of Hostname Verification in OpenSAML

This month, we will be covering a component that is a little older, but probably to the surprise of many, very widely used across a variety of ecosystems. Considering the type of vulnerability the
