CVE-2019-0757

9 documents7 sources

Severity

6.5MEDIUM

EPSS

5.4%

top 9.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft .net Core SDK Microsoft Microsoft Visual Studio Microsoft Mono Framework +6 more

Timeline

PublishedApr 9

Latest updateMay 13

Description

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages7 packages

▶CVEListV5microsoft/nuget7 versions+6

▶NVDmicrosoft/nuget7 versions+6

▶CVEListV5microsoft/.net_core_sdk4 versions+3

▶NVDmicrosoft/.net_core_sdk1.1, 2.1.500, 2.2.100+2

▶CVEListV5microsoft/mono_framework5.18.0.223, 5.20.0+1

Also affects: Enterprise Linux 8.0, 8.1, 8.2, 8.4

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-c2wg-p84q-4x76: A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's↗2022-05-13

▶

CVEList

CVE-2019-0757: A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's↗2019-04-09

▶

📋Vendor Advisories

Microsoft

NuGet Package Manager Tampering Vulnerability↗2019-03-12

▶

Red Hat

dotnet: NuGet Tampering Vulnerability↗2019-03-12

▶

Debian

CVE-2019-0757: nuget - A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac ...↗2019

▶

💬Community

Bugzilla

CVE-2019-0757 rh-dotnet22: Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 [dotnet-2.2]↗2019-03-05

▶

Bugzilla

CVE-2019-0757 dotnet: NuGet Tampering Vulnerability↗2019-03-05

▶

Bugzilla

CVE-2019-0757 rh-dotnet21: Update to .NET Core Runtime 2.1.9 and SDK 2.1.505 [dotnet-2.1]↗2019-03-05

▶