CVE-2017-14944

HIGH

Inedo ProGet < 4.7.13 - Improper Input Validation during Package Addition

Title source: llm
STIX 2.1

Description

Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://inedo.com/blog/proget-4714-released

Scores

CVSS v3 7.5
EPSS 0.0086
EPSS Percentile 54.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-20
Status published
Products (1)
inedo/proget < 4.7.13
Published Sep 30, 2017
Tracked Since Feb 18, 2026