NuGet Client Remote Code Execution Vulnerability
Weakness
The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Nuget | Microsoft | 6.0.4 (including) | 6.0.4 (including) |
| Nuget | Microsoft | 6.2.3 (including) | 6.2.3 (including) |
| Nuget | Microsoft | 6.3.2 (including) | 6.3.2 (including) |
| Nuget | Microsoft | 6.4.1 (including) | 6.4.1 (including) |
| Nuget | Microsoft | 6.5.0 (including) | 6.5.0 (including) |
| Nuget | Microsoft | 6.6.0 (including) | 6.6.0 (including) |
| .NET Core on Red Hat Enterprise Linux | RedHat | rh-dotnet60-dotnet-0:6.0.118-1.el7_9 | * |
| Red Hat Enterprise Linux 8 | RedHat | dotnet6.0-0:6.0.118-1.el8_8 | * |
| Red Hat Enterprise Linux 8 | RedHat | dotnet7.0-0:7.0.107-1.el8_8 | * |
| Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | dotnet6.0-0:6.0.120-1.el8_6 | * |
| Red Hat Enterprise Linux 9 | RedHat | dotnet6.0-0:6.0.118-1.el9_2 | * |
| Red Hat Enterprise Linux 9 | RedHat | dotnet7.0-0:7.0.107-1.el9_2 | * |
| Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | dotnet6.0-0:6.0.120-1.el9_0 | * |
| Dotnet6 | Ubuntu | devel | * |
| Dotnet6 | Ubuntu | jammy | * |
| Dotnet6 | Ubuntu | kinetic | * |
| Dotnet6 | Ubuntu | lunar | * |
| Dotnet6 | Ubuntu | upstream | * |
| Dotnet7 | Ubuntu | devel | * |
| Dotnet7 | Ubuntu | jammy | * |
| Dotnet7 | Ubuntu | kinetic | * |
| Dotnet7 | Ubuntu | lunar | * |
| Dotnet7 | Ubuntu | upstream | * |