CVE-2019-0757

Summary

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Affected Software

VendorProductVersion RangeStatus
MicrosoftMicrosoft Visual Studio2017 for Macaffected
Microsoft.NET Core SDK1.1 on .NET Core 1.0affected
Microsoft.NET Core SDK2.1.500 on .NET Core 2.1affected
Microsoft.NET Core SDK2.2.100 on .NET Core 2.2affected
Microsoft.NET Core SDK1.1 on .NET Core 1.1affected
MicrosoftNuget4.3.1affected
MicrosoftNuget4.4.2affected
MicrosoftNuget4.5.2affected
MicrosoftNuget4.6.3affected
MicrosoftNuget4.7.2affected
MicrosoftNuget4.8.2affected
MicrosoftNuget4.9.4affected
MicrosoftMono Framework5.18.0.223affected
MicrosoftMono Framework5.20.0affected

Weaknesses

  • Tampering

ADP Enrichment

CVE Program Container

Additional References

References