CVE-2023-29337

描述

NuGet Client Remote Code Execution Vulnerability

受影響套件(7)

• Debian/nugetfrom 0
• NuGet/Microsoft.Build.NuGetSdkResolver
• NuGet/NuGet.CommandLine>= 6.0.0, < 6.0.5
• NuGet/NuGet.Commands>= 6.0.0, < 6.0.5
• NuGet/NuGet.Common>= 6.0.0, < 6.0.5
• NuGet/NuGet.PackageManagement>= 6.0.0, < 6.0.5
• NuGet/NuGet.Protocol>= 6.0.0, < 6.0.5

CVSS 分數

參考連結(6)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2023-29337
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-29337
• PATCHhttps://github.com/NuGet/NuGet.Client
• WEBhttps://github.com/NuGet/NuGet.Client/commit/7fe6b814c901490292f02d8ea12749505fbb959a
• WEBhttps://github.com/NuGet/NuGet.Client/security/advisories/GHSA-6qmf-mmc7-6c2p
• WEBhttps://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337