Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.7 views

CVE-2026-39399

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS6AI score0.00527EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/14 11:42 p.m.7 views

Resource Injection

Overview Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass intended validation by supplying specially crafted package metadata IDs or versions. Remediation Upgrade...

9.6CVSS5.8AI score0.00527EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 11:42 p.m.6 views

Resource Injection

Overview Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass intended validation by supplying specially crafted package metadata IDs or versions. Remediation Upgrade...

9.6CVSS5.7AI score0.00527EPSS
Exploits0References3
Snyk
Snyk
added 2026/04/14 11:42 p.m.3 views

Resource Injection

Overview NuGet.Packaging is a NuGet's implementation for reading nupkg package and nuspec package specification files. Affected versions of this package are vulnerable to Resource Injection in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can bypass...

9.6CVSS5.8AI score0.00527EPSS
Exploits0References3
NVD
NVD
added 2026/04/14 11:16 p.m.3 views

CVE-2026-39399

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS0.00527EPSS
Exploits0References2
CVE
CVE
added 2026/04/14 11:1 p.m.15 views

CVE-2026-39399

The CVE affects NuGetGallery, specifically the backend job that processes .nuspec files inside NuGet packages. A crafted nuspec with malicious metadata can trigger cross-package metadata injection due to insufficient input validation, potentially enabling remote code execution (RCE) and arbitrary...

9.6CVSS6.2AI score0.00527EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/14 11:1 p.m.21 views

CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS0.00527EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 11:1 p.m.5 views

CVE-2026-39399

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS6.2AI score0.00527EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 11:1 p.m.5 views

CVE-2026-39399 NuGet Gallery: Arbitrary Blob Overwrite via Nuspec Confusion and URI Fragment Truncation

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS6.2AI score0.00527EPSS
Exploits0References2
EUVD
EUVD
added 2026/04/14 11:1 p.m.5 views

EUVD-2026-22805

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS6.2AI score0.00527EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.5 views

PT-2026-32962

NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that ma...

9.6CVSS6.2AI score0.00527EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.7 views

NuGet Gallery 路径遍历漏洞

NuGet Gallery is an open-source repository for NuGet-based software packages maintained by NuGet. NuGet Gallery has a path traversal vulnerability, which stems from insufficient input validation of the.nuspec files. This vulnerability may lead to cross-package metadata injection, potentially...

9.6CVSS6.5AI score0.00527EPSS
Exploits0References2
Rows per page
Query Builder