Search a vulnerability

All the vulnerabilites related to Microsoft - NuGet 6.3.2

cve-2023-29337

Vulnerability from cvelistv5

Published
2023-06-14 14:52
Modified
2024-08-02 14:07
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
Summary
NuGet Client Remote Code Execution Vulnerability
References
▼	URL	Tags
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337	vendor-advisory
Impacted products
▼	Vendor	Product
	Microsoft	NuGet 6.2.3
	Microsoft	NuGet 6.4.1
	Microsoft	NuGet 6.5.0
	Microsoft	NuGet 6.3.2
	Microsoft	NuGet 6.0.4
	Microsoft	NuGet 6.6.0
	Microsoft	NuGet 5.11.4
Show details on NVD website
JSON
To clipboard
{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-29337",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-06-04T01:31:31.741189Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:27:28.820Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:07:46.013Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "NuGet Client Remote Code Execution Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:6.2.3:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 6.2.3",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.2.4",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:6.4.1:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 6.4.1",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.4.2",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:6.5.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 6.5.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.5.1",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:6.3.2:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 6.3.2",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.3.3",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:6.0.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 6.0.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.0.5",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:6.6.0:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 6.6.0",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "6.6.0",
              "status": "affected",
              "version": "6.0.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "cpes": [
            "cpe:2.3:a:microsoft:nuget:5.11.4:*:*:*:*:*:*:*"
          ],
          "platforms": [
            "Unknown"
          ],
          "product": "NuGet 5.11.4",
          "vendor": "Microsoft",
          "versions": [
            {
              "lessThan": "5.11.5",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-06-13T07:00:00+00:00",
      "descriptions": [
        {
          "lang": "en-US",
          "value": "NuGet Client Remote Code Execution Vulnerability"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en-US",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-367",
              "description": "CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition",
              "lang": "en-US",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-19T20:22:02.098Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "NuGet Client Remote Code Execution Vulnerability",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337"
        }
      ],
      "title": "NuGet Client Remote Code Execution Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2023-29337",
    "datePublished": "2023-06-14T14:52:20.370Z",
    "dateReserved": "2023-04-04T22:34:18.380Z",
    "dateUpdated": "2024-08-02T14:07:46.013Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}