GHSA-g5vf-38cp-4px9

Suggest an improvement
Source
https://github.com/advisories/GHSA-g5vf-38cp-4px9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-g5vf-38cp-4px9/GHSA-g5vf-38cp-4px9.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-g5vf-38cp-4px9
Aliases
Published
2022-05-24T17:22:57Z
Modified
2023-11-01T04:51:31.997282Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
Summary
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
Details

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

Database specific
{
    "nvd_published_at": "2020-07-14T23:15:00Z",
    "github_reviewed_at": "2022-10-21T20:58:50Z",
    "severity": "HIGH",
    "github_reviewed": true,
    "cwe_ids": []
}
References

Affected packages

NuGet / Microsoft.NETCore.App

Package

Name
Microsoft.NETCore.App
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.20

Affected versions

2.*

2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.1.10
2.1.11
2.1.12
2.1.13
2.1.14
2.1.15
2.1.16
2.1.17
2.1.18
2.1.19

NuGet / Microsoft.NETCore.App.Runtime.linux-arm

Package

Name
Microsoft.NETCore.App.Runtime.linux-arm
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.linux-arm64

Package

Name
Microsoft.NETCore.App.Runtime.linux-arm64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.linux-arm64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.linux-musl-arm64

Package

Name
Microsoft.NETCore.App.Runtime.linux-musl-arm64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.linux-musl-x64

Package

Name
Microsoft.NETCore.App.Runtime.linux-musl-x64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.linux-musl-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.linux-x64

Package

Name
Microsoft.NETCore.App.Runtime.linux-x64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.linux-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.osx-x64

Package

Name
Microsoft.NETCore.App.Runtime.osx-x64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.osx-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.rhel.6-x64

Package

Name
Microsoft.NETCore.App.Runtime.rhel.6-x64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.rhel.6-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.win-arm

Package

Name
Microsoft.NETCore.App.Runtime.win-arm
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.win-arm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.win-arm64

Package

Name
Microsoft.NETCore.App.Runtime.win-arm64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.win-arm64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.win-x64

Package

Name
Microsoft.NETCore.App.Runtime.win-x64
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.win-x64

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5

NuGet / Microsoft.NETCore.App.Runtime.win-x86

Package

Name
Microsoft.NETCore.App.Runtime.win-x86
View open source insights on deps.dev
Purl
pkg:nuget/Microsoft.NETCore.App.Runtime.win-x86

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1.0
Fixed
3.1.6

Affected versions

3.*

3.1.0
3.1.1
3.1.2
3.1.3
3.1.4
3.1.5