{"containers":{"cna":{"affected":[{"product":"Microsoft Visual Studio","vendor":"Microsoft","versions":[{"status":"affected","version":"2017 for Mac"}]},{"product":".NET Core SDK","vendor":"Microsoft","versions":[{"status":"affected","version":"1.1 on .NET Core 1.0"},{"status":"affected","version":"2.1.500 on .NET Core 2.1"},{"status":"affected","version":"2.2.100 on .NET Core 2.2"},{"status":"affected","version":"1.1 on .NET Core 1.1"}]},{"product":"Nuget","vendor":"Microsoft","versions":[{"status":"affected","version":"4.3.1"},{"status":"affected","version":"4.4.2"},{"status":"affected","version":"4.5.2"},{"status":"affected","version":"4.6.3"},{"status":"affected","version":"4.7.2"},{"status":"affected","version":"4.8.2"},{"status":"affected","version":"4.9.4"}]},{"product":"Mono Framework","vendor":"Microsoft","versions":[{"status":"affected","version":"5.18.0.223"},{"status":"affected","version":"5.20.0"}]}],"datePublic":"2019-03-12T00:00:00.000Z","descriptions":[{"lang":"en","value":"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'."}],"problemTypes":[{"descriptions":[{"description":"Tampering","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2019-05-22T12:06:04.000Z","orgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","shortName":"microsoft"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"},{"name":"RHSA-2019:1259","tags":["vendor-advisory","x_refsource_REDHAT"],"url":"https://access.redhat.com/errata/RHSA-2019:1259"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secure@microsoft.com","ID":"CVE-2019-0757","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"Microsoft Visual Studio","version":{"version_data":[{"version_value":"2017 for Mac"}]}},{"product_name":".NET Core SDK","version":{"version_data":[{"version_value":"1.1 on .NET Core 1.0"},{"version_value":"2.1.500 on .NET Core 2.1"},{"version_value":"2.2.100 on .NET Core 2.2"},{"version_value":"1.1 on .NET Core 1.1"}]}},{"product_name":"Nuget","version":{"version_data":[{"version_value":"4.3.1"},{"version_value":"4.4.2"},{"version_value":"4.5.2"},{"version_value":"4.6.3"},{"version_value":"4.7.2"},{"version_value":"4.8.2"},{"version_value":"4.9.4"}]}},{"product_name":"Mono Framework","version":{"version_data":[{"version_value":"5.18.0.223"},{"version_value":"5.20.0"}]}}]},"vendor_name":"Microsoft"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Tampering"}]}]},"references":{"reference_data":[{"name":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757","refsource":"CONFIRM","url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"},{"name":"RHSA-2019:1259","refsource":"REDHAT","url":"https://access.redhat.com/errata/RHSA-2019:1259"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T17:58:59.044Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"},{"name":"RHSA-2019:1259","tags":["vendor-advisory","x_refsource_REDHAT","x_transferred"],"url":"https://access.redhat.com/errata/RHSA-2019:1259"}]}]},"cveMetadata":{"assignerOrgId":"f38d906d-7342-40ea-92c1-6c4a2c6478c8","assignerShortName":"microsoft","cveId":"CVE-2019-0757","datePublished":"2019-04-09T01:51:25.000Z","dateReserved":"2018-11-26T00:00:00.000Z","dateUpdated":"2024-08-04T17:58:59.044Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}