vulnerability
Oracle Linux: CVE-2019-0757: ELSA-2019-1259: dotnet security, bug fix, and enhancement update (IMPORTANT)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:N/I:P/A:N) | Mar 12, 2019 | Jul 22, 2024 | Dec 3, 2025 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:N/I:P/A:N)
Published
Mar 12, 2019
Added
Jul 22, 2024
Modified
Dec 3, 2025
Description
A tampering vulnerability exists in the NuGet Package Manager for Linux and Mac that could allow an authenticated attacker to modify a NuGet package's folder structure, aka 'NuGet Package Manager Tampering Vulnerability'.
A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in dotnet. A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploits the vulnerability could run arbitrary code in the context of the current user. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Solutions
oracle-linux-upgrade-dotnetoracle-linux-upgrade-dotnet-hostoracle-linux-upgrade-dotnet-host-fxr-2-1oracle-linux-upgrade-dotnet-runtime-2-1oracle-linux-upgrade-dotnet-sdk-2-1oracle-linux-upgrade-dotnet-sdk-2-1-5xx
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.