CVE-2019-0757

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Published: Apr 9, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-0757
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
microsoft / nuget	4.3.1	4.3.1.x
microsoft / nuget	4.4.2	4.4.2.x
microsoft / nuget	4.5.2	4.5.2.x
microsoft / nuget	4.6.3	4.6.3.x
microsoft / nuget	4.7.2	4.7.2.x
microsoft / nuget	4.8.2	4.8.2.x
microsoft / nuget	4.9.4	4.9.4.x
mono-project / mono_framework	5.18.0.223	5.18.0.223.x
mono-project / mono_framework	5.20.0	5.20.0.x
microsoft / .net_core_sdk	1.1	1.1.x
microsoft / .net_core_sdk	2.1.500	2.1.500.x
microsoft / .net_core_sdk	2.2.100	2.2.100.x
redhat / enterprise_linux	8.0	8.0.x
redhat / enterprise_linux_eus	8.1	8.1.x
redhat / enterprise_linux_eus	8.2	8.2.x
redhat / enterprise_linux_server_tus	8.2	8.2.x
redhat / enterprise_linux_server_aus	8.2	8.2.x
redhat / enterprise_linux_server_tus	8.4	8.4.x
redhat / enterprise_linux_eus	8.4	8.4.x
redhat / enterprise_linux_server_aus	8.4	8.4.x

Vulnerability Database

289,599

CVE-2019-0757