NuGet Client Security Feature Bypass Vulnerability
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
Advisories for Nuget/NuGet.CommandLine package
2024
Duplicate Advisory: NuGet Client Security Feature Bypass Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-68w7-72jg-6qpp. This link is maintained to preserve external references. Original Description NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
2023
NuGet Client Remote Code Execution Vulnerability
NuGet Client Remote Code Execution Vulnerability
2022
NuGet Elevation of Privilege Vulnerability
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0.0-rc, .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 7.0.0-rc.1, .NET 6.0, .NET Core 3.1, and NuGet clients (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol) where a malicious actor could cause a user …
Key Management Errors
Potential leak of NuGet.org API key