NuGet package manager tampering vulnerability
Fixed in March regular updates https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/
The most interesting of the above bugs is CVE-2019-0757 – a NuGet package manager tampering vulnerability. According to commentary by researchers at the Zero Day Initiative, the patch corrects a bug in the NuGet package manager that allows an attacker to modify a package’s folder structure
This is what I was always afraid of, the NuGet thing is out of control and can execute scripts or modify anything without any control. I don't like the idea from the beginning.
0 comments:
Post a Comment