CVE-2019-0976

low-risk

Published 2019-05-16

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify contents of the intermediate build folder (by default "obj"), aka 'NuGet Package Manager Tampering Vulnerability'.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.5/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Nuget

Affected Vendors

Microsoft

References (4)

Broken Link http://www.securityfocus.com/bid/108210

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976

Broken Link http://www.securityfocus.com/bid/108210

Patch https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0976

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal