{"api_version":"1","generated_at":"2026-04-23T11:22:35+00:00","cve":"CVE-2019-0976","urls":{"html":"https://cve.report/CVE-2019-0976","api":"https://cve.report/api/cve/CVE-2019-0976.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-0976","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-0976"},"summary":{"title":"CVE-2019-0976","description":"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default \"obj\"), aka 'NuGet Package Manager Tampering Vulnerability'.","state":"PUBLIC","assigner":"secure@microsoft.com","published_at":"2019-05-16 19:29:00","updated_at":"2022-04-18 14:26:00"},"problem_types":["NVD-CWE-noinfo"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/108210","name":"108210","refsource":"BID","tags":["Third Party Advisory"],"title":"Microsoft NuGet Package Manager CVE-2019-0976 Tampering Security Bypass Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-0976","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-0976","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"976","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"976","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"976","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"976","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"976","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"976","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"nuget","cpe6":"5.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"976","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"microsoft","cpe5":"nuget","cpe6":"5.0.2","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2019-0976","qid":"997846","title":"DotNet (Nuget) Security Update for NuGet.Commands (GHSA-3hcm-6fjc-47qq)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2019-0976","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Nuget","version":{"version_data":[{"version_value":"5.0.2"}]}}]},"vendor_name":"Microsoft"}]}},"description":{"description_data":[{"lang":"eng","value":"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default \"obj\"), aka 'NuGet Package Manager Tampering Vulnerability'."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Tampering"}]}]},"references":{"reference_data":[{"refsource":"BID","name":"108210","url":"http://www.securityfocus.com/bid/108210"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976","refsource":"MISC","name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976"}]}},"nvd":{"publishedDate":"2019-05-16 19:29:00","lastModifiedDate":"2022-04-18 14:26:00","problem_types":["NVD-CWE-noinfo"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE","baseScore":5.5,"baseSeverity":"MEDIUM"},"exploitabilityScore":1.8,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:N/I:P/A:N","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":2.1},"severity":"LOW","exploitabilityScore":3.9,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:microsoft:nuget:5.0.2:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"976","Ordinal":"137390","Title":"CVE-2019-0976","CVE":"CVE-2019-0976","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"976","Ordinal":"1","NoteData":"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default \"obj\"), aka 'NuGet Package Manager Tampering Vulnerability'.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"976","Ordinal":"2","NoteData":"2019-05-16","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"976","Ordinal":"3","NoteData":"2019-05-20","Type":"Other","Title":"Modified"}]}}}