CVE-2019-0976
MEDIUM5.5EPSS 0.23%NuGet Package Manager Tampering Vulnerability
發布日:2022/5/24修改日:2024/3/24
描述
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default `obj`), aka 'NuGet Package Manager Tampering Vulnerability'.
受影響套件(1)
- NuGet/NuGet.Commands>= 5.0.0, < 5.0.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.5 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2019-0976
- PATCHhttps://github.com/NuGet/NuGet.Client
- WEBhttps://github.com/NuGet/Home/issues/7908
- WEBhttps://github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326
- WEBhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
- WEBhttps://web.archive.org/web/20200227075944/http://www.securityfocus.com/bid/108210