Description
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.
References (2)
Core 2
Core References
Broken Link vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108210
Patch, Vendor Advisory x_refsource_misc
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976
Scores
CVSS v3
5.5
EPSS
0.0023
EPSS Percentile
45.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Details
Status
published
Products (2)
microsoft/nuget
5.0.2
nuget/NuGet.Commands
5.0.0 - 5.0.2NuGet
Published
May 16, 2019
Tracked Since
Feb 18, 2026