Description
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Affected products
- Microsoft / Microsoft Visual Studio2017 for Mac – 2017 for Mac
- Microsoft / Mono Framework5.20.0 – 5.20.0
- Microsoft / Mono Framework5.18.0.223 – 5.18.0.223
- Microsoft / .NET Core SDK2.2.100 on .NET Core 2.2 – 2.2.100 on .NET Core 2.2
- Microsoft / .NET Core SDK1.1 on .NET Core 1.1 – 1.1 on .NET Core 1.1
- Microsoft / .NET Core SDK1.1 on .NET Core 1.0 – 1.1 on .NET Core 1.0
- Microsoft / .NET Core SDK2.1.500 on .NET Core 2.1 – 2.1.500 on .NET Core 2.1
- Microsoft / nuget4.5.2 – 4.5.2
- Microsoft / nuget4.6.3 – 4.6.3
- Microsoft / nuget4.7.2 – 4.7.2
- Microsoft / nuget4.8.2 – 4.8.2
- Microsoft / nuget4.9.4 – 4.9.4
- Microsoft / nuget4.3.1 – 4.3.1
- Microsoft / nuget4.4.2 – 4.4.2