BIT-dotnet-sdk-2025-26646

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/dotnet-sdk/BIT-dotnet-sdk-2025-26646.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-dotnet-sdk-2025-26646

Aliases

Published

2025-07-11T05:41:38.131Z

Modified

2025-07-11T06:41:58.109474Z

Summary

.NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability

Details

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
    ]
}

References

Affected packages

Bitnami / dotnet-sdk

Package

Name: dotnet-sdk
Purl: pkg:bitnami/dotnet-sdk

Severity

8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.0.0

Fixed

8.0.101

Introduced

9.0.0

Fixed

9.0.100

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/dotnet-sdk/BIT-dotnet-sdk-2025-26646.json"