
Another Day, A New Vulnerability

New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers


Know What's in Your Software.

A new Apache Struts2 vulnerability is being actively exploited. CVE-2018-11776 is a remote code execution bug in Apache Struts2, similar to the 2017 vulnerability CVE-2017-5638, which led to many large-scale attacks.

Our free service will tell you if your application is impacted and will offer remediation guidance.

The application analysis will show: 

  • Number of Components - Generate an inventory of open source components used in your application.
  • Vulnerability Risks - Identify known open source security vulnerabilities, including the new Struts2 vulnerability.
  • License Risks - Determine what open source licenses pose a potential threat.

Not sure what to evaluate?

While your source and binary code are not exposed, feel free to try one of our sample applications below:

Sample Application - a collection of components with known security vulnerabilities and license issues.
 - created in partnership with OWASP. This application is used to teach critical security best practices for development.

“Zero tolerance for risk is why some customers require us to provide proof that our applications do not contain hidden security or licensing vulnerabilities.  By partnering with Sonatype, we’re able to provide our customers with a detailed Software Bill of Materials validating that VMTurbo applications consist of only the highest quality open source components.”

- Sylvia Isler, Chief Architect at VMTurbo



The average application has 106 components.


The typical application has 23 known vulnerabilities.


Most applications contain at least 8 GPL-type licensed components.


Many components in use are old, unsupported, or unpopular versions.
