External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| Microsoft.Build.Tasks.Core(NuGet) | 15.8.166 | 15.9.30 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 16.0.461 | 16.11.6 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.0.0 | 17.8.29 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.9.5 | 17.10.29 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.11.4 | 17.12.36 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.12.6 | 17.13.26 | N/A |
| Microsoft.Build.Tasks.Core(NuGet) | 17.13.9 | 17.14.8 | N/A |
CVSS Metrics
