{"url":"http://public2.vulnerablecode.io/api/packages/1067199?format=json","purl":"pkg:nuget/NuGet.Packaging@7.0.0","type":"nuget","namespace":"","name":"NuGet.Packaging","version":"7.0.0","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"7.0.3","latest_non_vulnerable_version":"7.3.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352008?format=json","vulnerability_id":"VCID-xxrj-7szv-s3cm","summary":"Defense in Depth update for NuGet Client\n### Impact\nThis update adds validation of the package ID and version during package download, in addition to the existing package signature validation.\n\n### Patches\n\n#### NuGet\n\nThe following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched:\n\n|Affected versions|Patched version|\n|--|--|\n|>= 4.9.0, <= 4.9.6|4.9.7|\n|>= 5.11.0, <= 5.11.6|5.11.7|\n|>= 6.8.0, <= 6.8.1|6.8.2|\n|>= 6.11.0, <= 6.11.1|6.11.2|\n|>= 6.12.0, <= 6.12.4|6.12.5|\n|>= 6.14.0, <= 6.14.2|6.14.3|\n|>= 7.0.0, <= 7.0.2|7.0.3|\n|7.3.0|7.3.1|\n\n#### .NET SDK\n\n* .NET 8.0.126 SDK\n* .NET 8.0.420 SDK\n* .NET 9.0.116 SDK\n* .NET 9.0.313 SDK\n* .NET 10.0.106 SDK\n* .NET 10.0.202 SDK\n\n### Workarounds\nN/A\n\n### References\nhttps://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr\n\n### Credit\n[splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/)","references":[{"reference_url":"https://github.com/NuGet/NuGet.Client","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/NuGet/NuGet.Client"},{"reference_url":"https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-g4vj-cjjj-v7hg","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-g4vj-cjjj-v7hg"},{"reference_url":"https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr"},{"reference_url":"https://github.com/advisories/GHSA-g4vj-cjjj-v7hg","reference_id":"GHSA-g4vj-cjjj-v7hg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4vj-cjjj-v7hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1066994?format=json","purl":"pkg:nuget/NuGet.Packaging@7.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1066996?format=json","purl":"pkg:nuget/NuGet.Packaging@7.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.3.1"}],"aliases":["GHSA-g4vj-cjjj-v7hg"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxrj-7szv-s3cm"}],"fixing_vulnerabilities":[],"risk_score":"1.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.0.0"}