CVE-2023-29337

Name

CVE-2023-29337

Description

NuGet Client Remote Code Execution Vulnerability

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
vendor-advisory	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:microsoft:nuget:6.2.3:::::::*`	nuget	>= 6.0.0	< 6.2.4
`cpe:2.3:a:microsoft:nuget:6.4.1:::::::*`	nuget	>= 6.0.0	< 6.4.2
`cpe:2.3:a:microsoft:nuget:6.5.0:::::::*`	nuget	>= 6.0.0	< 6.5.1
`cpe:2.3:a:microsoft:nuget:6.3.2:::::::*`	nuget	>= 6.0.0	< 6.3.3
`cpe:2.3:a:microsoft:nuget:6.0.4:::::::*`	nuget	>= 6.0.0	< 6.0.5
`cpe:2.3:a:microsoft:nuget:6.6.0:::::::*`	nuget	>= 6.0.0	< 6.6.0
`cpe:2.3:a:microsoft:nuget:5.11.4:::::::*`	nuget	>= 5.0.0	< 5.11.5

Source package	Branch	Version	Maintainer	Status
dotnet7-runtime	edge-community	7.0.7-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-runtime	3.19-community	7.0.7-r0	None	fixed
dotnet7-runtime	3.18-community	7.0.7-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-build	edge-community	7.0.107-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet7-build	3.19-community	7.0.107-r0	None	fixed
dotnet7-build	3.18-community	7.0.107-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-runtime	edge-community	6.0.18-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-runtime	3.20-community	6.0.18-r0	None	fixed
dotnet6-runtime	3.19-community	6.0.18-r0	None	fixed
dotnet6-runtime	3.18-community	6.0.18-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	edge-community	6.0.118-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed
dotnet6-build	3.20-community	6.0.118-r0	None	fixed
dotnet6-build	3.19-community	6.0.118-r0	None	fixed
dotnet6-build	3.18-community	6.0.118-r0	Antoine Martin (ayakael) <dev@ayakael.net>	fixed