Description
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_confirm
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1259
Scores
CVSS v3
6.5
EPSS
0.0539
EPSS Percentile
90.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (21)
microsoft/.net_core_sdk
1.1
microsoft/.net_core_sdk
2.1.500
microsoft/.net_core_sdk
2.2.100
microsoft/nuget
4.3.1
microsoft/nuget
4.4.2
microsoft/nuget
4.5.2
microsoft/nuget
4.6.3
microsoft/nuget
4.7.2
microsoft/nuget
4.8.2
microsoft/nuget
4.9.4
... and 11 more
Published
Apr 09, 2019
Tracked Since
Feb 18, 2026