CVE-2019-0976
MEDIUM5.5EPSS 0.23%NuGet Package Manager Tampering Vulnerability
Published: 5/24/2022Modified: 3/24/2024
Description
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default `obj`), aka 'NuGet Package Manager Tampering Vulnerability'.
Affected packages (1)
- NuGet/NuGet.Commands>= 5.0.0, < 5.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0976
- PATCHhttps://github.com/NuGet/NuGet.Client
- WEBhttps://github.com/NuGet/Home/issues/7908
- WEBhttps://github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
- WEBhttps://web.archive.org/web/20200227075944/http://www.securityfocus.com/bid/108210