VulnerableCode Package Details - pkg:nuget/PowerShell@7.0.0

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:nuget/PowerShell@7.0.0

Essentials
History (30)

purl	pkg:nuget/PowerShell@7.0.0

Next non-vulnerable version	7.1.7
Latest non-vulnerable version	7.3.10
Risk	4.0

Vulnerabilities affecting this package (6)

Vulnerability	Summary	Fixed by
VCID-6j7g-pz7c-y7hd Aliases: CVE-2022-24512 GHSA-c6w8-7mp3-34j9	This advisory has been marked as False-Positive and removed.	7.0.9 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.1.6 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 7.2.2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-c7qw-u98p-1qa9 Aliases: CVE-2021-43896	Authentication Bypass by Spoofing Microsoft PowerShell Spoofing Vulnerability	7.2.1 Affected by 6 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-hh1b-rurr-9qb2 Aliases: CVE-2022-26788 GHSA-q7x5-x7rr-2859	PowerShell Elevation of Privilege Vulnerability.	7.0.10 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.1.7 Affected by 0 other vulnerabilities. 7.2.3 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-rz8f-jn6b-a7fw Aliases: CVE-2022-34716 GHSA-vh55-786g-wjwj GMS-2024-75 GMS-2024-76 GMS-2024-77 GMS-2024-78 GMS-2024-79 GMS-2024-80 GMS-2024-81 GMS-2024-82 GMS-2024-83 GMS-2024-84 GMS-2024-85 GMS-2024-86 GMS-2024-90	.NET Information Disclosure Vulnerability Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information. ## <a name="affected-software"></a>Affected software * Any .NET 6.0 application running on .NET 6.0.7 or earlier. * Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier. If your application uses the following package versions, ensure you update to the latest version of .NET. ### <a name=".NET Core 3.1"></a>.NET Core 3.1 Package name \| Affected version \| Patched version ------------ \| ---------------- \| ------------------------- [System.Security.Cryptography.Xml](http://system.security)\| <=4.7.0\| 4.7.1 [Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)\| >=3.1.0, 3.1.27\| 3.1.28 [Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)\| >=3.1.0, 3.1.27\| 3.1.28 ### <a name=".NET 6"></a>.NET 6 Package name \| Affected version \| Patched version ------------ \| ---------------- \| ------------------------- [System.Security.Cryptography.Xml](https://www.nuget.org/packages/System.Security.Cryptography.Xml)\| >=5.0.0, 6.0.0\| 6.0.1 [Microsoft.AspNetCore.App.Runtime.win-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.linux-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-x64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.win-x86](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-x86)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.osx-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-x64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.linux-musl-x64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-x64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.linux-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.linux-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-arm)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.win-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.win-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.win-arm)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.osx-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.osx-arm64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.linux-musl-arm64](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm64)\| >=6.0.0, 6.0.7\| 6.0.8 [Microsoft.AspNetCore.App.Runtime.linux-musl-arm](https://www.nuget.org/packages/Microsoft.AspNetCore.App.Runtime.linux-musl-arm)\| >=6.0.0, 6.0.7\| 6.0.8 ## Patches * If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1. ### Other Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/232 An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/43166 MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34716	7.1.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ujyg-uwtg-vqbt Aliases: CVE-2022-23267 GHSA-485p-mrj5-8w2v	Uncontrolled Resource Consumption .NET, Visual Studio and PowerShell Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.	7.1.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-v2z1-w1v6-4ufg Aliases: CVE-2020-1108 GHSA-3w5p-jhp5-c29q	A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'.	7.0.1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 7.1.0 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-8zx2-5dv6-xba7	PowerShell is subject to remote code execution vulnerability # Microsoft Security Advisory CVE-2020-0605: .NET Framework Remote Code Execution Vulnerability ## Executive Summary A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. ## Discussion Please [open a support question](https://github.com/PowerShell/PowerShell/issues/new?assignees=&labels=Issue-Question&template=Support_Question.md&title=Support+Question) to discuss the PowerShell aspects of this advisory. Please use https://github.com/dotnet/wpf/issues/2424 for discussion of the .NET WPF aspects of this advisory. ## <a name="affected-software">Affected Software</a> The vulnerability affects PowerShell prior to the following versions: \| PowerShell Core Version \| Fixed in \| \|-------------------------\|-------------------\| \| 6.2 \| Not Affected \| \| 7.0 \| 7.0.0 \| ## Advisory FAQ ### How do I know if I am affected? If all of the following are true: 1. Run `pwsh -v`, then, check the version in the table in [Affected Software](#user-content-affected-software) to see if your version of PowerShell is affected. 1. If you are running a version of PowerShell where the executable is not `pwsh` or `pwsh.exe`, then you are affected. This only existed for preview version of `7.0`. ### How do I update to an unaffected version? Follow the instructions at [Installing PowerShell](https://docs.microsoft.com/en-us/powershell/scripting/setup/installing-powershell?view=powershell-7) to install the latest version of PowerShell. ## Other Information ### Reporting Security Issues If you have found a potential security issue in PowerShell, please email details to secure@microsoft.com. ### Support You can ask questions about this issue on GitHub in the PowerShell organization. This is located at https://github.com/PowerShell/. The Announcements repo (https://github.com/PowerShell/Announcements) will contain this bulletin as an issue and will include a link to a discussion issue where you can ask questions. ### What if the update breaks my script or module? You can uninstall the newer version of PowerShell and install the previous version of PowerShell. This should be treated as a temporary measure. Therefore, the script or module should be updated to work with the patched version of PowerShell. ### Acknowledgments Soroush Dalili ([@irsdl](https://twitter.com/irsdl)) ### External Links [CVE-2020-0605](https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605) ### Revisions <!-- TBD: update date --> V1.0 (March 10, 2020): Advisory published. Version 1.0 Last Updated 2020-03-10	GHSA-jcmq-5rrv-j2g4 GMS-2024-88

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:49:45.672387+00:00	GitLab Importer	Fixing	VCID-8zx2-5dv6-xba7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/GMS-2024-88.yml	38.4.0
2026-04-16T22:06:51.459181+00:00	GitLab Importer	Affected by	VCID-rz8f-jn6b-a7fw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-34716.yml	38.4.0
2026-04-16T21:46:57.278956+00:00	GitLab Importer	Affected by	VCID-ujyg-uwtg-vqbt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-23267.yml	38.4.0
2026-04-16T21:44:56.589530+00:00	GitLab Importer	Affected by	VCID-hh1b-rurr-9qb2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-26788.yml	38.4.0
2026-04-16T21:41:58.312947+00:00	GitLab Importer	Affected by	VCID-6j7g-pz7c-y7hd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-24512.yml	38.4.0
2026-04-16T21:36:30.381284+00:00	GitLab Importer	Affected by	VCID-c7qw-u98p-1qa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2021-43896.yml	38.4.0
2026-04-16T21:03:40.770767+00:00	GitLab Importer	Affected by	VCID-v2z1-w1v6-4ufg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2020-1108.yml	38.4.0
2026-04-12T00:09:29.360209+00:00	GitLab Importer	Fixing	VCID-8zx2-5dv6-xba7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/GMS-2024-88.yml	38.3.0
2026-04-11T23:23:07.303150+00:00	GitLab Importer	Affected by	VCID-rz8f-jn6b-a7fw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-34716.yml	38.3.0
2026-04-11T23:02:46.409118+00:00	GitLab Importer	Affected by	VCID-ujyg-uwtg-vqbt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-23267.yml	38.3.0
2026-04-11T23:00:38.313069+00:00	GitLab Importer	Affected by	VCID-hh1b-rurr-9qb2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-26788.yml	38.3.0
2026-04-11T22:57:26.311795+00:00	GitLab Importer	Affected by	VCID-6j7g-pz7c-y7hd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-24512.yml	38.3.0
2026-04-11T22:50:13.947685+00:00	GitLab Importer	Affected by	VCID-c7qw-u98p-1qa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2021-43896.yml	38.3.0
2026-04-11T22:15:03.911247+00:00	GitLab Importer	Affected by	VCID-v2z1-w1v6-4ufg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2020-1108.yml	38.3.0
2026-04-03T00:14:20.332887+00:00	GitLab Importer	Fixing	VCID-8zx2-5dv6-xba7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/GMS-2024-88.yml	38.1.0
2026-04-02T23:29:44.594749+00:00	GitLab Importer	Affected by	VCID-rz8f-jn6b-a7fw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-34716.yml	38.1.0
2026-04-02T23:11:10.093951+00:00	GitLab Importer	Affected by	VCID-ujyg-uwtg-vqbt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-23267.yml	38.1.0
2026-04-02T23:09:12.554736+00:00	GitLab Importer	Affected by	VCID-hh1b-rurr-9qb2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-26788.yml	38.1.0
2026-04-02T23:06:21.438512+00:00	GitLab Importer	Affected by	VCID-6j7g-pz7c-y7hd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-24512.yml	38.1.0
2026-04-02T22:59:37.380019+00:00	GitLab Importer	Affected by	VCID-c7qw-u98p-1qa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2021-43896.yml	38.1.0
2026-04-02T22:27:20.700633+00:00	GitLab Importer	Affected by	VCID-v2z1-w1v6-4ufg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2020-1108.yml	38.1.0
2026-04-01T17:51:09.648857+00:00	GitLab Importer	Affected by	VCID-rz8f-jn6b-a7fw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-34716.yml	38.0.0
2026-04-01T16:45:20.771351+00:00	GitLab Importer	Affected by	VCID-v2z1-w1v6-4ufg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2020-1108.yml	38.0.0
2026-04-01T16:04:26.185823+00:00	GHSA Importer	Fixing	VCID-8zx2-5dv6-xba7	https://github.com/advisories/GHSA-jcmq-5rrv-j2g4	38.0.0
2026-04-01T12:52:27.078094+00:00	GitLab Importer	Fixing	VCID-8zx2-5dv6-xba7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/GMS-2024-88.yml	38.0.0
2026-04-01T12:50:32.224959+00:00	GithubOSV Importer	Fixing	VCID-8zx2-5dv6-xba7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-jcmq-5rrv-j2g4/GHSA-jcmq-5rrv-j2g4.json	38.0.0
2026-04-01T12:50:04.384292+00:00	GitLab Importer	Affected by	VCID-ujyg-uwtg-vqbt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-23267.yml	38.0.0
2026-04-01T12:49:50.146903+00:00	GitLab Importer	Affected by	VCID-hh1b-rurr-9qb2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-26788.yml	38.0.0
2026-04-01T12:49:39.252740+00:00	GitLab Importer	Affected by	VCID-6j7g-pz7c-y7hd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2022-24512.yml	38.0.0
2026-04-01T12:49:10.886145+00:00	GitLab Importer	Affected by	VCID-c7qw-u98p-1qa9	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/PowerShell/CVE-2021-43896.yml	38.0.0