NuGet Package Manager Tampering Vulnerability

GHSA-3hcm-6fjc-47qq · CVE-2019-0976

Published May 24, 2022 · Modified Mar 24, 2024

Description

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default obj), aka 'NuGet Package Manager Tampering Vulnerability'.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-0976
WEB https://github.com/NuGet/Home/issues/7908
WEB https://github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326
PACKAGE https://github.com/NuGet/NuGet.Client
WEB https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
WEB https://web.archive.org/web/20200227075944/http://www.securityfocus.com/bid/108210

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes