logo
DATABASE RESOURCES PRICING ABOUT US

NuGet Package Manager Tampering Vulnerability

Description

A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure. An attacker who successfully exploited this vulnerability could potentially modify files and folders that are unpackaged on a system. To exploit this vulnerability, an attacker would need to log on to the affected system and tamper with the folder contents of a package prior to building or installation of an application. The security update addresses the vulnerability by correcting permissions on folders inside the NuGet packages folder structure.


Related