Remote Code Execution
The Nexus Yum Repository Plugin is vulnerable to Remote Code Execution when instances using CommandLineExecutor.java are supplied vulnerable data, such as the Yum Configuration Capability.
Advisories for Maven/Org.sonatype.nexus.plugins/Nexus-Yum-Repository-Plugin package
2019