A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default obj
), aka ‘NuGet Package Manager Tampering Vulnerability’.
github.com/NuGet/Home/issues/7908
github.com/NuGet/NuGet.Client
github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326
nvd.nist.gov/vuln/detail/CVE-2019-0976
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
web.archive.org/web/20200227075944/www.securityfocus.com/bid/108210