Action not permitted
Modal body text goes here.
CVE-2019-0757
Vulnerability from cvelistv5
Published
2019-04-09 01:51
Modified
2024-08-04 17:58
Severity ?
EPSS score ?
Summary
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secure@microsoft.com | https://access.redhat.com/errata/RHSA-2019:1259 | Third Party Advisory | |
| secure@microsoft.com | https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757 | Patch, Vendor Advisory |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:58:59.044Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Microsoft Visual Studio",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "2017 for Mac"
}
]
},
{
"product": ".NET Core SDK",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "1.1 on .NET Core 1.0"
},
{
"status": "affected",
"version": "2.1.500 on .NET Core 2.1"
},
{
"status": "affected",
"version": "2.2.100 on .NET Core 2.2"
},
{
"status": "affected",
"version": "1.1 on .NET Core 1.1"
}
]
},
{
"product": "Nuget",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "4.3.1"
},
{
"status": "affected",
"version": "4.4.2"
},
{
"status": "affected",
"version": "4.5.2"
},
{
"status": "affected",
"version": "4.6.3"
},
{
"status": "affected",
"version": "4.7.2"
},
{
"status": "affected",
"version": "4.8.2"
},
{
"status": "affected",
"version": "4.9.4"
}
]
},
{
"product": "Mono Framework",
"vendor": "Microsoft",
"versions": [
{
"status": "affected",
"version": "5.18.0.223"
},
{
"status": "affected",
"version": "5.20.0"
}
]
}
],
"datePublic": "2019-03-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Tampering",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-05-22T12:06:04",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio",
"version": {
"version_data": [
{
"version_value": "2017 for Mac"
}
]
}
},
{
"product_name": ".NET Core SDK",
"version": {
"version_data": [
{
"version_value": "1.1 on .NET Core 1.0"
},
{
"version_value": "2.1.500 on .NET Core 2.1"
},
{
"version_value": "2.2.100 on .NET Core 2.2"
},
{
"version_value": "1.1 on .NET Core 1.1"
}
]
}
},
{
"product_name": "Nuget",
"version": {
"version_data": [
{
"version_value": "4.3.1"
},
{
"version_value": "4.4.2"
},
{
"version_value": "4.5.2"
},
{
"version_value": "4.6.3"
},
{
"version_value": "4.7.2"
},
{
"version_value": "4.8.2"
},
{
"version_value": "4.9.4"
}
]
}
},
{
"product_name": "Mono Framework",
"version": {
"version_data": [
{
"version_value": "5.18.0.223"
},
{
"version_value": "5.20.0"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Tampering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2019-0757",
"datePublished": "2019-04-09T01:51:25",
"dateReserved": "2018-11-26T00:00:00",
"dateUpdated": "2024-08-04T17:58:59.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2019-0757\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-04-09T02:29:00.600\",\"lastModified\":\"2022-04-11T20:36:04.833\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de manipulaci\u00f3n en NuGet Package Manager para Linux y Mac que podr\u00eda permitir que un atacante autenticado modifique la estructura de carpetas de un paquete de NuGet, tambi\u00e9n conocida como \u0027NuGet Package Manager Tampering Vulnerability\u0027.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:P/A:N\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDA983E6-A2DA-48BB-9874-14CF4B3AAE15\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BBC3EE0-4087-41B2-A68E-547BC2E555B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A682279C-B149-4B8C-A77B-358734FEED04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D679328-6D42-47AA-9442-39EDD7934AC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1CEF9AC2-976B-4984-ACE7-7F1FFDC5DE4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"687F6CDF-90C8-4452-8EF4-2B7B2583D399\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCA80AC0-B4F7-4318-B1DF-CC12C878B458\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C821DB95-80BF-4B94-8194-AAA286457FA3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A9C97DF-AF6E-4D4D-9A65-F4DA1E8B4F91\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A56F0C3E-21CF-4887-B931-505E9F9BAE54\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38B0049-4EF6-4EFB-AC6A-71B8A9FA6544\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EDF760A-C775-457E-8091-586E56545B07\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87DCF0-0552-4815-8148-C9894397C5EF\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7BACCC0F-721B-4039-985D-EFAD2044996E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BF7E3F6-D3AE-404D-8F0E-0C57BF23006C\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D8A3CDDB-8FF1-4CB0-BD4E-5BF78792D9CC\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5AB75F9-B0FC-46B5-A863-0458696773DB\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"92BC9265-6959-4D37-BE5E-8C45E98992F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831F0F47-3565-4763-B16F-C87B1FF2035E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E3F09B5-569F-4C58-9FCA-3C0953D107B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6897676D-53F9-45B3-B27F-7FF9A4C58D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E28F226A-CBC7-4A32-BE58-398FA5B42481\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B09ACF2D-D83F-4A86-8185-9569605D8EE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC10D919-57FD-4725-B8D2-39ECB476902F\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2019:1259\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
ghsa-c2wg-p84q-4x76
Vulnerability from github
Published
2022-05-13 01:02
Modified
2022-05-13 01:02
Severity ?
Details
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
{
"affected": [],
"aliases": [
"CVE-2019-0757"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-04-09T02:29:00Z",
"severity": "MODERATE"
},
"details": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.",
"id": "GHSA-c2wg-p84q-4x76",
"modified": "2022-05-13T01:02:36Z",
"published": "2022-05-13T01:02:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
rhsa-2019_1259
Vulnerability from csaf_redhat
Published
2019-05-22 10:22
Modified
2024-11-05 21:07
Summary
Red Hat Security Advisory: dotnet security, bug fix, and enhancement update
Notes
Topic
An update for dotnet is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
A new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507.
Security Fix(es):
* dotnet: NuGet Tampering Vulnerability (CVE-2019-0757)
* dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820)
* dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)
* dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dotnet is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nA new version of .NET Core that address security vulnerabilities is now available. The updated version is .NET Core Runtime 2.1.11 and SDK 2.1.507.\n\nSecurity Fix(es):\n\n* dotnet: NuGet Tampering Vulnerability (CVE-2019-0757)\n\n* dotnet: timeouts for regular expressions are not enforced (CVE-2019-0820)\n\n* dotnet: infinite loop in URI.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0980)\n\n* dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service (CVE-2019-0981)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:1259",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0980"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
},
{
"category": "external",
"summary": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md",
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"category": "external",
"summary": "1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "1696836",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1696836"
},
{
"category": "external",
"summary": "1705502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705502"
},
{
"category": "external",
"summary": "1705504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705504"
},
{
"category": "external",
"summary": "1705506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705506"
},
{
"category": "external",
"summary": "1710068",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710068"
},
{
"category": "external",
"summary": "1712471",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1712471"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_1259.json"
}
],
"title": "Red Hat Security Advisory: dotnet security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-05T21:07:50+00:00",
"generator": {
"date": "2024-11-05T21:07:50+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2019:1259",
"initial_release_date": "2019-05-22T10:22:43+00:00",
"revision_history": [
{
"date": "2019-05-22T10:22:43+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-05-22T10:22:43+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T21:07:50+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-2.1-debuginfo@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-2.1.5xx-debuginfo@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-debugsource@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-runtime-2.1@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-fxr-2.1-debuginfo@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-2.1@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-debuginfo@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-debuginfo@2.1.11-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-sdk-2.1.5xx@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-0:2.1.507-2.el8_0.x86_64",
"product": {
"name": "dotnet-0:2.1.507-2.el8_0.x86_64",
"product_id": "dotnet-0:2.1.507-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@2.1.507-2.el8_0?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"product": {
"name": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"product_id": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet-host-fxr-2.1@2.1.11-2.el8_0?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dotnet-0:2.1.507-2.el8_0.src",
"product": {
"name": "dotnet-0:2.1.507-2.el8_0.src",
"product_id": "dotnet-0:2.1.507-2.el8_0.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dotnet@2.1.507-2.el8_0?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:2.1.507-2.el8_0.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src"
},
"product_reference": "dotnet-0:2.1.507-2.el8_0.src",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64"
},
"product_reference": "dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
},
"product_reference": "dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64",
"relates_to_product_reference": "AppStream-8.0.0.Z"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0757",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1685475"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: NuGet Tampering Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0757"
},
{
"category": "external",
"summary": "RHBZ#1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
}
],
"release_date": "2019-03-12T17:33:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: NuGet Tampering Vulnerability"
},
{
"cve": "CVE-2019-0820",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705506"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka \u0027.NET Framework and .NET Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: timeouts for regular expressions are not enforced",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0820"
},
{
"category": "external",
"summary": "RHBZ#1705506",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705506"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0820",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0820"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0820",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0820"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0820"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: timeouts for regular expressions are not enforced"
},
{
"cve": "CVE-2019-0980",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705502"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0981.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0980"
},
{
"category": "external",
"summary": "RHBZ#1705502",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705502"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0980",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0980"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0980",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0980"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0980",
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0980"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: infinite loop in Uri.TryCreate leading to ASP.Net Core Denial of Service"
},
{
"cve": "CVE-2019-0981",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2019-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1705504"
}
],
"notes": [
{
"category": "description",
"text": "A denial of service vulnerability exists when .NET Framework or .NET Core improperly handle web requests, aka \u0027.Net Framework and .Net Core Denial of Service Vulnerability\u0027. This CVE ID is unique from CVE-2019-0820, CVE-2019-0980.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0981"
},
{
"category": "external",
"summary": "RHBZ#1705504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1705504"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0981",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0981"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0981",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0981"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0981"
}
],
"release_date": "2019-05-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-05-22T10:22:43+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.src",
"AppStream-8.0.0.Z:dotnet-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debuginfo-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-debugsource-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-host-fxr-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-runtime-2.1-debuginfo-0:2.1.11-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-0:2.1.507-2.el8_0.x86_64",
"AppStream-8.0.0.Z:dotnet-sdk-2.1.5xx-debuginfo-0:2.1.507-2.el8_0.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dotnet: crash in IPAddress.TryCreate leading to ASP.Net Core Denial of Service"
}
]
}
rhsa-2019_0544
Vulnerability from csaf_redhat
Published
2019-03-13 14:04
Modified
2024-11-05 21:00
Summary
Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update for March 2019
Notes
Topic
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
.NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3.
Security Fix(es):
* A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. (CVE-2019-0757)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": ".NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.\n\nNew versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3.\n\nSecurity Fix(es):\n\n* A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nFor more information, please refer to the upstream doc in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2019:0544",
"url": "https://access.redhat.com/errata/RHSA-2019:0544"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"category": "external",
"summary": "1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "1685718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685718"
},
{
"category": "external",
"summary": "1685720",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685720"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_0544.json"
}
],
"title": "Red Hat Security Advisory: .NET Core on Red Hat Enterprise Linux security update for March 2019",
"tracking": {
"current_release_date": "2024-11-05T21:00:51+00:00",
"generator": {
"date": "2024-11-05T21:00:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.1.1"
}
},
"id": "RHSA-2019:0544",
"initial_release_date": "2019-03-13T14:04:55+00:00",
"revision_history": [
{
"date": "2019-03-13T14:04:55+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2019-03-13T14:04:55+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-05T21:00:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.1::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.2::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.2::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:2.2::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
}
}
},
{
"category": "product_name",
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product": {
"name": ".NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_dotnet:1.0::el7"
}
}
}
],
"category": "product_family",
"name": ".NET Core on Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"product_id": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.12-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"product_id": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore-debuginfo@1.1.12-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"product": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"product_id": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-runtime@2.1-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-0:2.1-8.el7.x86_64",
"product": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64",
"product_id": "rh-dotnet21-0:2.1-8.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21@2.1-8.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1.5xx@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-debuginfo@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-host@2.1.9-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-sdk-2.1@2.1.505-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"product": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"product_id": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet-runtime-2.1@2.1.9-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"product": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"product_id": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-runtime@2.2-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-0:2.2-4.el7.x86_64",
"product": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64",
"product_id": "rh-dotnet22-0:2.2-4.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22@2.2-4.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-host@2.2.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-debuginfo@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-sdk-2.2.1xx@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-runtime-2.2@2.2.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-sdk-2.2@2.2.105-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"product": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"product_id": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet-host-fxr-2.2@2.2.3-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"product_id": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore-debuginfo@1.0.15-1.el7?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"product": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"product_id": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.15-1.el7?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"product": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"product_id": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore11-dotnetcore@1.1.12-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-0:2.1-8.el7.src",
"product": {
"name": "rh-dotnet21-0:2.1-8.el7.src",
"product_id": "rh-dotnet21-0:2.1-8.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21@2.1-8.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"product": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"product_id": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet21-dotnet@2.1.505-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-0:2.2-4.el7.src",
"product": {
"name": "rh-dotnet22-0:2.2-4.el7.src",
"product_id": "rh-dotnet22-0:2.2-4.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22@2.2-4.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"product": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"product_id": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnet22-dotnet@2.2.105-1.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"product": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"product_id": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/rh-dotnetcore10-dotnetcore@1.0.15-1.el7?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux ComputeNode (v. 7)",
"product_id": "7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7ComputeNode-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Server (v. 7)",
"product_id": "7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Server-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64"
},
"product_reference": "rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-1.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64"
},
"product_reference": "rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64"
},
"product_reference": "rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64"
},
"product_reference": "rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64 as a component of .NET Core on Red Hat Enterprise Linux Workstation (v. 7)",
"product_id": "7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
},
"product_reference": "rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"relates_to_product_reference": "7Workstation-dotNET-2.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2019-0757",
"cwe": {
"id": "CWE-732",
"name": "Incorrect Permission Assignment for Critical Resource"
},
"discovery_date": "2019-03-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1685475"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dotnet: NuGet Tampering Vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2019-0757"
},
{
"category": "external",
"summary": "RHBZ#1685475",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2019-0757",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0757"
},
{
"category": "external",
"summary": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
}
],
"release_date": "2019-03-12T17:33:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2019-03-13T14:04:55+00:00",
"details": "For details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2019:0544"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7ComputeNode-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7ComputeNode-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Server-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Server-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.src",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.0:rh-dotnetcore10-dotnetcore-debuginfo-0:1.0.15-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.src",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-1.1:rh-dotnetcore11-dotnetcore-debuginfo-0:1.1.12-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.src",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-debuginfo-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-host-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-runtime-2.1-0:2.1.9-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-dotnet-sdk-2.1.5xx-0:2.1.505-1.el7.x86_64",
"7Workstation-dotNET-2.1:rh-dotnet21-runtime-0:2.1-8.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-0:2.2-4.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.src",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-debuginfo-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-host-fxr-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-runtime-2.2-0:2.2.3-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-dotnet-sdk-2.2.1xx-0:2.2.105-1.el7.x86_64",
"7Workstation-dotNET-2.2:rh-dotnet22-runtime-0:2.2-4.el7.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "dotnet: NuGet Tampering Vulnerability"
}
]
}
var-201904-0811
Vulnerability from variot
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'. Microsoft NuGet is prone to a security bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions.
Bug Fix(es):
-
dotnet: new SocketException((int)SocketError.InvalidArgument).Message is empty (BZ#1712471)
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019 Advisory ID: RHSA-2019:0544-01 Product: .NET Core on Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0544 Issue date: 2019-03-13 CVE Names: CVE-2019-0757 ==================================================================== 1. Summary:
Updates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore, rh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core on Red Hat Enterprise Linux.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64 .NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64
- Description:
.NET Core is a managed-software framework. It implements the .NET standard APIs and several additional APIs, and it includes a CLR implementation.
New versions of .NET Core that address security vulnerabilities are now available. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and 2.2.3. (CVE-2019-0757)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
For more information, please refer to the upstream doc in the References section.
- Solution:
For details on how to apply this update, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability 1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105 1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505
- Package List:
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Server (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm
x86_64: rh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm rh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm
x86_64: rh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm rh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet21-2.1-8.el7.src.rpm rh-dotnet21-dotnet-2.1.505-1.el7.src.rpm
x86_64: rh-dotnet21-2.1-8.el7.x86_64.rpm rh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm rh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm rh-dotnet21-runtime-2.1-8.el7.x86_64.rpm
.NET Core on Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-dotnet22-2.2-4.el7.src.rpm rh-dotnet22-dotnet-2.2.105-1.el7.src.rpm
x86_64: rh-dotnet22-2.2-4.el7.x86_64.rpm rh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm rh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm rh-dotnet22-runtime-2.2-4.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2019-0757 https://access.redhat.com/security/updates/classification/#important https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN jsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz csbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt Ybu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC sfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM Zubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu tGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg ijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A eqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r LfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1 35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR FvFvp8/nSm4=KwTi -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201904-0811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.9.4"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.8.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.7.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.6.3"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.5.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.4.2"
},
{
"model": "nuget",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "4.3.1"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "2.1.500"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 2.1,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "framework",
"scope": "eq",
"trust": 1.8,
"vendor": "mono",
"version": "5.20.0"
},
{
"model": ".net core sdk",
"scope": "eq",
"trust": 1.8,
"vendor": "microsoft",
"version": "2.2.100"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server tus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.0"
},
{
"model": "visual studio 2017",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": null
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux server aus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.1"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.2"
},
{
"model": "enterprise linux eus",
"scope": "eq",
"trust": 1.0,
"vendor": "redhat",
"version": "8.4"
},
{
"model": "visual studio",
"scope": "eq",
"trust": 0.8,
"vendor": "microsoft",
"version": "2017 for mac"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.20"
},
{
"model": "mono",
"scope": "eq",
"trust": 0.3,
"vendor": "mono",
"version": "5.18.0.223"
},
{
"model": "visual studio for mac",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1"
},
{
"model": ".net core",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.505"
},
{
"model": ".net core sdk",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.13"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "2.1.9"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.1.12"
},
{
"model": ".net core",
"scope": "ne",
"trust": 0.3,
"vendor": "microsoft",
"version": "1.0.15"
}
],
"sources": [
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Red Hat,The vendor reported this issue.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"cve": "CVE-2019-0757",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0757",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-0757",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-0757",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027. Microsoft NuGet is prone to a security bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. \n\nBug Fix(es):\n\n* dotnet: new SocketException((int)SocketError.InvalidArgument).Message is\nempty (BZ#1712471)\n\n4. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019\nAdvisory ID: RHSA-2019:0544-01\nProduct: .NET Core on Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0544\nIssue date: 2019-03-13\nCVE Names: CVE-2019-0757\n====================================================================\n1. Summary:\n\nUpdates for rh-dotnetcore10-dotnetcore, rh-dotnetcore11-dotnetcore,\nrh-dotnet21-dotnet, and rh-dotnet22-dotnet are now available for .NET Core\non Red Hat Enterprise Linux. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Server (v. 7) - x86_64\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7) - x86_64\n\n3. Description:\n\n.NET Core is a managed-software framework. It implements the .NET standard\nAPIs and several additional APIs, and it includes a CLR implementation. \n\nNew versions of .NET Core that address security vulnerabilities are now\navailable. The updated versions are .NET Core 1.0.15, 1.1.12, 2.1.9, and\n2.2.3. (CVE-2019-0757)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nFor more information, please refer to the upstream doc in the References\nsection. \n\n4. Solution:\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1685475 - CVE-2019-0757 dotnet: NuGet Tampering Vulnerability\n1685718 - Update to .NET Core Runtime 2.2.3 and SDK 2.2.105\n1685720 - Update to .NET Core Runtime 2.1.9 and SDK 2.1.505\n\n6. Package List:\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore10-dotnetcore-1.0.15-1.el7.x86_64.rpm\nrh-dotnetcore10-dotnetcore-debuginfo-1.0.15-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.src.rpm\n\nx86_64:\nrh-dotnetcore11-dotnetcore-1.1.12-1.el7.x86_64.rpm\nrh-dotnetcore11-dotnetcore-debuginfo-1.1.12-1.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet21-2.1-8.el7.src.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.src.rpm\n\nx86_64:\nrh-dotnet21-2.1-8.el7.x86_64.rpm\nrh-dotnet21-dotnet-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-debuginfo-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-host-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-runtime-2.1-2.1.9-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-dotnet-sdk-2.1.5xx-2.1.505-1.el7.x86_64.rpm\nrh-dotnet21-runtime-2.1-8.el7.x86_64.rpm\n\n.NET Core on Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-dotnet22-2.2-4.el7.src.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.src.rpm\n\nx86_64:\nrh-dotnet22-2.2-4.el7.x86_64.rpm\nrh-dotnet22-dotnet-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-debuginfo-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-host-fxr-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-runtime-2.2-2.2.3-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-dotnet-sdk-2.2.1xx-2.2.105-1.el7.x86_64.rpm\nrh-dotnet22-runtime-2.2-4.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2019-0757\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXIkN2NzjgjWX9erEAQifeg//caOX+S+Ysy634WnQ2WKfvAyI2DdmDwtN\njsAXT/zd2ckQrk3Idz09zDrrX3bjCbGSALUEF8DNM9X0xs8LiFJj9fl7pQ8eDDuz\ncsbAv7Th64q9m42KlL4+7s4HBzRRDpfp90JMr9zYWHqoDsYbHi/03wUJbM81txYt\nYbu1oufw3DNzDoPiZ30x1HvNUa4ZHPrB2eV6gVc4kbTZDG08oDvBHCnS9IXbMPRC\nsfkGHU6E+kWS6bs2aHMbSNiw2MkKPgRbMXv10o8FRLbXVJ9swiEgBz0rmuirlxkM\nZubf4mWUGnLIksPzTYrRrGpCbWduD5dR0Ar+DiLaSRmJQ7rzBTFdoBFWwaN+HoGu\ntGwrCe2Ve+Aj8WP3EBxHSmhEG9UT2KxmUSA++lqiw3wZBVHBZD9YX1aP0c8j7tCg\nijhAzzfo1rbCRJkKdACAbxjih4jjHRzt6x3W/qmu3n+gIKXHGelGoKouyvbKb+8A\neqQXoB/W/Dkcz/XHfcII7bDNxZLbT7HVV1fdFAQqGrMcwknVC5ld+N0dnE6tn45r\nLfDyuyO8Sd+7jDilvdEdWYyI6pbRuRNmcZ+gqu/xPyx5cFXYxQehdv1uIAo5vQP1\n35JSu//LGlnoYeYhBoYrtW/forYD77yLKHnlP6/ugcN1JKS+CRAipuDW8nr34ySR\nFvFvp8/nSm4=KwTi\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-0757",
"trust": 3.0
},
{
"db": "BID",
"id": "107285",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673",
"trust": 0.8
},
{
"db": "PACKETSTORM",
"id": "152999",
"trust": 0.7
},
{
"db": "NSFOCUS",
"id": "42934",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.0808",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2019.1839",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-0757",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "152073",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"id": "VAR-201904-0811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.21178882
},
"last_update_date": "2023-12-18T13:02:13.321000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mono-project.com/"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager Tampering Vulnerability",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"title": "CVE-2019-0757 | NuGet Package Manager \u306e\u6539\u3056\u3093\u306e\u8106\u5f31\u6027",
"trust": 0.8,
"url": "https://portal.msrc.microsoft.com/ja-jp/security-guidance/advisory/cve-2019-0757"
},
{
"title": "Microsoft NuGet Package Manager Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=90061"
},
{
"title": "The Register",
"trust": 0.2,
"url": "https://www.theregister.co.uk/2019/03/12/march_patch_tuesday_dhcp/"
},
{
"title": "Red Hat: Important: .NET Core on Red Hat Enterprise Linux security update for March 2019",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190544 - security advisory"
},
{
"title": "Red Hat: Important: dotnet security, bug fix, and enhancement update",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20191259 - security advisory"
},
{
"title": "Symantec Threat Intelligence Blog",
"trust": 0.1,
"url": "https://www.symantec.com/blogs/threat-intelligence/microsoft-patch-tuesday-march-2019"
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://access.redhat.com/errata/rhsa-2019:1259"
},
{
"trust": 2.2,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0757"
},
{
"trust": 1.6,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0757"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/107285"
},
{
"trust": 0.9,
"url": "http://www.microsoft.com"
},
{
"trust": 0.9,
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1685475"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/errata/rhsa-2019:0544"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-0757"
},
{
"trust": 0.8,
"url": "https://www.ipa.go.jp/security/ciadr/vul/20190313-ms.html"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2019/at190012.html"
},
{
"trust": 0.8,
"url": "https://access.redhat.com/security/cve/cve-2019-0757"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/152999/red-hat-security-advisory-2019-1259-01.html"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/42934"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2019.1839/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/77050"
},
{
"trust": 0.3,
"url": "https://access.redhat.com/security/cve/cve-2019-0757 "
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/articles/11258"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/contact/"
},
{
"trust": 0.2,
"url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
},
{
"trust": 0.2,
"url": "https://bugzilla.redhat.com/):"
},
{
"trust": 0.2,
"url": "https://access.redhat.com/security/team/key/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/"
},
{
"trust": 0.1,
"url": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/107285"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://github.com/dotnet/core/blob/master/release-notes/2.1/2.1.11/2.1.11.md"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0820"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-0980"
},
{
"trust": 0.1,
"url": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2019-0981"
},
{
"trust": 0.1,
"url": "https://access.redhat.com/security/cve/cve-2019-0820"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"db": "BID",
"id": "107285"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"db": "PACKETSTORM",
"id": "152999"
},
{
"db": "PACKETSTORM",
"id": "152073"
},
{
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-12T00:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2019-05-22T14:39:27",
"db": "PACKETSTORM",
"id": "152999"
},
{
"date": "2019-03-13T14:27:10",
"db": "PACKETSTORM",
"id": "152073"
},
{
"date": "2019-04-09T02:29:00.600000",
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2019-0757"
},
{
"date": "2019-03-13T09:00:00",
"db": "BID",
"id": "107285"
},
{
"date": "2019-04-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002673"
},
{
"date": "2022-04-11T20:36:04.833000",
"db": "NVD",
"id": "CVE-2019-0757"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Microsoft Product Linux and Mac For NuGet Package Manager Vulnerabilities to be tampered with",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002673"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-445"
}
],
"trust": 0.6
}
}
gsd-2019-0757
Vulnerability from gsd
Modified
2023-12-13 01:23
Details
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2019-0757",
"description": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.",
"id": "GSD-2019-0757",
"references": [
"https://access.redhat.com/errata/RHSA-2019:1259",
"https://access.redhat.com/errata/RHSA-2019:0544",
"https://linux.oracle.com/cve/CVE-2019-0757.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2019-0757"
],
"details": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027.",
"id": "GSD-2019-0757",
"modified": "2023-12-13T01:23:39.067349Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio",
"version": {
"version_data": [
{
"version_value": "2017 for Mac"
}
]
}
},
{
"product_name": ".NET Core SDK",
"version": {
"version_data": [
{
"version_value": "1.1 on .NET Core 1.0"
},
{
"version_value": "2.1.500 on .NET Core 2.1"
},
{
"version_value": "2.2.100 on .NET Core 2.2"
},
{
"version_value": "1.1 on .NET Core 1.1"
}
]
}
},
{
"product_name": "Nuget",
"version": {
"version_data": [
{
"version_value": "4.3.1"
},
{
"version_value": "4.4.2"
},
{
"version_value": "4.5.2"
},
{
"version_value": "4.6.3"
},
{
"version_value": "4.7.2"
},
{
"version_value": "4.8.2"
},
{
"version_value": "4.9.4"
}
]
}
},
{
"product_name": "Mono Framework",
"version": {
"version_data": [
{
"version_value": "5.18.0.223"
},
{
"version_value": "5.20.0"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Tampering"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:nuget:4.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.18.0.223:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mono-project:mono_framework:5.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.1.500:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core_sdk:2.2.100:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2019-0757"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package\u0027s folder structure, aka \u0027NuGet Package Manager Tampering Vulnerability\u0027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0757"
},
{
"name": "RHSA-2019:1259",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:1259"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2022-04-11T20:36Z",
"publishedDate": "2019-04-09T02:29Z"
}
}
}
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.