First published: Thu May 16 2019(Updated: )
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.
Credit: secure@microsoft.com secure@microsoft.com
Affected Software | Affected Version | How to fix |
---|---|---|
Microsoft Nuget | =5.0.2 | |
Apple macOS | ||
Linux Linux kernel | ||
nuget/NuGet.Commands | >=5.0.0<5.0.2 | 5.0.2 |
All of | ||
Microsoft Nuget | =5.0.2 | |
Any of | ||
Apple macOS | ||
Linux Linux kernel |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-0976 is a tampering vulnerability that exists in the NuGet Package Manager for Linux and Mac.
CVE-2019-0976 allows an authenticated attacker to modify the contents of the intermediate build folder in Microsoft NuGet (by default "obj").
No, Apple macOS is not vulnerable to CVE-2019-0976.
No, Linux Linux kernel is not vulnerable to CVE-2019-0976.
CVE-2019-0976 has a severity rating of 5.5, which is considered medium.
You can find more information about CVE-2019-0976 in the following references: [SecurityFocus](http://www.securityfocus.com/bid/108210) and [Microsoft Security Guidance](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976).