3 matches found
Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform
An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process. In light...
CVE-2021-3331
WinSCP before 5.17.10 allows remote attackers to execute arbitrary programs when the URL handler encounters a crafted URL that loads session settings. For example, this is exploitable in a default installation in which WinSCP is the handler for sftp:// URLs...
CVE-2021-3331
WinSCP vulnerability CVE-2021-3331 affects versions prior to 5.17.10. A crafted URL loaded by the URL handler (e.g., sftp:// URLs) can load session settings and trigger remote code execution. Public sources in the connected documents confirm the issue as a remote code execution vulnerability due ...