
Find real vulnerabilities before they ship
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
Base Score
8| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Microsoft.Build.Tasks.Core(NuGet) | 15.8.166 | 15.9.30 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 16.0.461 | 16.11.6 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.0.0 | 17.8.29 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.9.5 | 17.10.29 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.11.4 | 17.12.36 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.12.6 | 17.13.26 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.13.9 | 17.14.8 | N/A |
| Base Score | 8 |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
| Base Severity | High |
| Version | 3.1 |
| Attack Vector (AV) | NETWORK |