
OS Command Injection in Nexus Repository Manager 2.x -- Bypass for Nexus Repository Manager 2.14.15-01 Command Injection fix

Critical

Central Security Project

Team Summary

Official summary from Central Security Project

https://support.sonatype.com/hc/en-us/articles/360033490774

An OS command injection vulnerability has been discovered in Nexus Repository Manager requiring immediate action. The vulnerability allows an attacker with administrative access to nxrm to execute arbitrary commands on the system. We have mitigated the issue by not allowing the server to do this.

This advisory provides the pertinent information needed to properly address this vulnerability, along with details on how to reach us if you have any further questions or concerns.

This vulnerability was identified by an external researcher and has been verified by our security team. We are not aware of any active exploits taking advantage of this issue. However, we strongly encourage all users of Nexus to immediately take the steps outlined in this advisory. The identified vulnerability can allow the server to execute anything on the system that the user running the server has privileges to.

We highly recommend that all instances of Nexus be upgraded to Nexus 2.14.16 or later. The latest version can be downloaded from: https://help.sonatype.com/repomanager2/download

For detailed information on upgrade compatibility, please see: https://support.sonatype.com/entries/21701998-Sonatype-Nexus-Upgrade-and-Compatibility-Notes

Reported by wisolzzz

Report Details

Additional information and metadata

State

Closed

Substate

Resolved

Submitted

Weakness

Command Injection - Generic