CVE-2019-0757

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

References

Affected packages

Git / github.com/dotnet/cli

Affected ranges

Type: GIT
Repo: https://github.com/dotnet/cli
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

10a5923449a4314344fc73fbf253ff3443decac6

Last affected

51868761f2d5506b64166cf787ef2d25217d675c

Last affected

d6f4336106a9b07ebeab55886b5c752991ec1b34

Affected versions

release/2.*

release/2.0.0

release/2.1

release/2.1.1xx

release/2.1.2xx

release/2.1.3xx

release/2.1.4xx

v1.*

v1.0.0

v1.0.0-preview2

v1.0.0-preview2.0.1

v1.0.0-preview3-004056

v1.0.0-rc3-004517

v1.0.0-rc4-004771

v1.0.1

v1.0.3

v1.0.4

v1.1.0

v1.1.0-preview1-005051

v1.1.0-preview1-005077

v2.*

v2.0.0

v2.0.0-preview1

v2.0.0-preview2

v2.0.2

v2.0.3

v2.1.1-preview-007183

v2.1.100

v2.1.101

v2.1.102

v2.1.103

v2.1.104

v2.1.105

v2.1.2

v2.1.200

v2.1.201

v2.1.202

v2.1.3

v2.1.300

v2.1.300-preview1-008174

v2.1.300-preview2-008530

v2.1.300-rc1-008673

v2.1.301

v2.1.301+dependencies

v2.1.302

v2.1.4

v2.1.400

v2.1.401

v2.1.402

v2.1.402+dependencies

v2.1.403

v2.1.403+dependencies

v2.1.500

v2.1.500+dependencies

v2.1.500-preview-009335

v2.1.500-preview-009335+dependencies

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0757.json"

Git / github.com/dotnet/core

Affected ranges

Type: GIT
Repo: https://github.com/dotnet/core
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

218888387c3e7aff6241f65599529620fb7b4127

Affected versions

v1.*

v1.0.0

v1.0.0-rc1

v1.0.0-rc2

v1.0.1

v1.0.2

v1.1

v1.1.0

v1.1.0-preview1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-0757.json"