CVE-2019-0757 vulnerability in Microsoft and Other Products
Published on April 9, 2019

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.

Vendor Advisory NVD

Products Associated with CVE-2019-0757

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2019-0757 are published in these products:

Microsoft Nuget

Mono Project Mono Framework

Red Hat Enterprise Linux (RHEL)

Red Hat Enterprise Linux Eus

Red Hat Enterprise Linux Server Aus

Red Hat Enterprise Linux Server Tus

Affected Versions

Microsoft Visual Studio:

Version 2017 for Mac is affected.

Microsoft .NET Core SDK:

Version 1.1 on .NET Core 1.0 is affected.
Version 2.1.500 on .NET Core 2.1 is affected.
Version 2.2.100 on .NET Core 2.2 is affected.
Version 1.1 on .NET Core 1.1 is affected.

Microsoft Nuget:

Version 4.3.1 is affected.
Version 4.4.2 is affected.
Version 4.5.2 is affected.
Version 4.6.3 is affected.
Version 4.7.2 is affected.
Version 4.8.2 is affected.
Version 4.9.4 is affected.

Microsoft Mono Framework:

Version 5.18.0.223 is affected.
Version 5.20.0 is affected.

Exploit Probability

EPSS

5.39%

Percentile

89.97%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2019-0757 vulnerability in Microsoft and Other ProductsPublished on April 9, 2019

Products Associated with CVE-2019-0757

Affected Versions

Exploit Probability

CVE-2019-0757 vulnerability in Microsoft and Other Products
Published on April 9, 2019