CVE-2023-29337
HIGH7.1EPSS 0.34%NuGet Client Remote Code Execution Vulnerability
Published: 6/14/2023Modified: 4/28/2026
Description
NuGet Client Remote Code Execution Vulnerability
Affected packages (7)
- Debian/nugetfrom 0
- NuGet/Microsoft.Build.NuGetSdkResolver
- NuGet/NuGet.CommandLine>= 6.0.0, < 6.0.5
- NuGet/NuGet.Commands>= 6.0.0, < 6.0.5
- NuGet/NuGet.Common>= 6.0.0, < 6.0.5
- NuGet/NuGet.PackageManagement>= 6.0.0, < 6.0.5
- NuGet/NuGet.Protocol>= 6.0.0, < 6.0.5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H |
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-29337
- ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-29337
- PATCHhttps://github.com/NuGet/NuGet.Client
- WEBhttps://github.com/NuGet/NuGet.Client/commit/7fe6b814c901490292f02d8ea12749505fbb959a
- WEBhttps://github.com/NuGet/NuGet.Client/security/advisories/GHSA-6qmf-mmc7-6c2p
- WEBhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337