CVE-2019-0976
Summary
| CVE | CVE-2019-0976 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-05-16 19:29:00 UTC |
| Updated | 2022-04-18 14:26:00 UTC |
| Description | A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Macos | - | All | All | All |
| Operating System | Apple | Mac Os | - | All | All | All |
| Operating System | Apple | Mac Os | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Operating System | Linux | Linux Kernel | - | All | All | All |
| Application | Microsoft | Nuget | 5.0.2 | All | All | All |
| Application | Microsoft | Nuget | 5.0.2 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Microsoft NuGet Package Manager CVE-2019-0976 Tampering Security Bypass Vulnerability | BID | www.securityfocus.com | Third Party Advisory |
| portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976 | MISC | portal.msrc.microsoft.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 997846 DotNet (Nuget) Security Update for NuGet.Commands (GHSA-3hcm-6fjc-47qq)