Wednesday, March 13, 2019

NuGet package manager tampering vulnerability

Fixed in March regular updates https://threatpost.com/microsoft-patches-two-win32k-bugs-under-active-attack/142742/

The most interesting of the above bugs is CVE-2019-0757 – a NuGet package manager tampering vulnerability. According to commentary by researchers at the Zero Day Initiative, the patch corrects a bug in the NuGet package manager that allows an attacker to modify a package’s folder structure

This is what I was always afraid of, the NuGet thing is out of control and can execute scripts or modify anything without any control. I don't like the idea from the beginning.

NuGet package manager tampering vulnerability Click here
  • Blogger Comment
  • Facebook Comment

0 comments:

Post a Comment

The webdev Team