Lucene search

K

GoogleOSV:GHSA-3HCM-6FJC-47QQ

HistoryMay 24, 2022 - 10:28 p.m.

NuGet Package Manager Tampering Vulnerability

2022-05-2422:28:08

Google

osv.dev

6

nuget

package manager

tampering

vulnerability

linux

mac

authenticated attacker

build folder

obj

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

9.8%

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default obj), aka ‘NuGet Package Manager Tampering Vulnerability’.

References

github.com/NuGet/Home/issues/7908

github.com/NuGet/NuGet.Client

github.com/NuGet/NuGet.Client/commit/e32a2ea7096debd3e513188f6779bb1041593326

nvd.nist.gov/vuln/detail/CVE-2019-0976

portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976

web.archive.org/web/20200227075944/www.securityfocus.com/bid/108210

AI Score

6.8

Confidence

Low

EPSS

0

Percentile

9.8%

Related for OSV:GHSA-3HCM-6FJC-47QQ

veracode1 cvelist1 mscve1 debiancve1 prion1 nvd1 ubuntucve1 cve1 github1 symantec1 kaspersky1 talosblog1