CVE-2019-0757
N/A
N/A
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Microsoft | Microsoft Visual Studio | 2017 for Mac | affected |
| Microsoft | .NET Core SDK | 1.1 on .NET Core 1.0 | affected |
| Microsoft | .NET Core SDK | 2.1.500 on .NET Core 2.1 | affected |
| Microsoft | .NET Core SDK | 2.2.100 on .NET Core 2.2 | affected |
| Microsoft | .NET Core SDK | 1.1 on .NET Core 1.1 | affected |
| Microsoft | Nuget | 4.3.1 | affected |
| Microsoft | Nuget | 4.4.2 | affected |
| Microsoft | Nuget | 4.5.2 | affected |
| Microsoft | Nuget | 4.6.3 | affected |
| Microsoft | Nuget | 4.7.2 | affected |
| Microsoft | Nuget | 4.8.2 | affected |
| Microsoft | Nuget | 4.9.4 | affected |
| Microsoft | Mono Framework | 5.18.0.223 | affected |
| Microsoft | Mono Framework | 5.20.0 | affected |
Weaknesses
- Tampering
ADP Enrichment
CVE Program Container
Additional References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
- https://access.redhat.com/errata/RHSA-2019:1259
References
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
- https://access.redhat.com/errata/RHSA-2019:1259
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.