{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/352008?format=json","vulnerability_id":"VCID-xxrj-7szv-s3cm","summary":"Defense in Depth update for NuGet Client\n### Impact\nThis update adds validation of the package ID and version during package download, in addition to the existing package signature validation.\n\n### Patches\n\n#### NuGet\n\nThe following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched:\n\n|Affected versions|Patched version|\n|--|--|\n|>= 4.9.0, <= 4.9.6|4.9.7|\n|>= 5.11.0, <= 5.11.6|5.11.7|\n|>= 6.8.0, <= 6.8.1|6.8.2|\n|>= 6.11.0, <= 6.11.1|6.11.2|\n|>= 6.12.0, <= 6.12.4|6.12.5|\n|>= 6.14.0, <= 6.14.2|6.14.3|\n|>= 7.0.0, <= 7.0.2|7.0.3|\n|7.3.0|7.3.1|\n\n#### .NET SDK\n\n* .NET 8.0.126 SDK\n* .NET 8.0.420 SDK\n* .NET 9.0.116 SDK\n* .NET 9.0.313 SDK\n* .NET 10.0.106 SDK\n* .NET 10.0.202 SDK\n\n### Workarounds\nN/A\n\n### References\nhttps://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr\n\n### Credit\n[splitline](https://x.com/_splitline_) with [DEVCORE](https://devco.re/)","aliases":[{"alias":"GHSA-g4vj-cjjj-v7hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1066989?format=json","purl":"pkg:nuget/NuGet.Packaging@5.11.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@5.11.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1066990?format=json","purl":"pkg:nuget/NuGet.Packaging@6.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1066991?format=json","purl":"pkg:nuget/NuGet.Packaging@6.11.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1066992?format=json","purl":"pkg:nuget/NuGet.Packaging@6.12.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.12.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1066993?format=json","purl":"pkg:nuget/NuGet.Packaging@6.14.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.14.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1066994?format=json","purl":"pkg:nuget/NuGet.Packaging@7.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1066996?format=json","purl":"pkg:nuget/NuGet.Packaging@7.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1066998?format=json","purl":"pkg:nuget/NuGet.Protocol@5.11.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@5.11.7"},{"url":"http://public2.vulnerablecode.io/api/packages/1066999?format=json","purl":"pkg:nuget/NuGet.Protocol@6.8.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.8.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1067000?format=json","purl":"pkg:nuget/NuGet.Protocol@6.11.2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.11.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1067001?format=json","purl":"pkg:nuget/NuGet.Protocol@6.12.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.12.5"},{"url":"http://public2.vulnerablecode.io/api/packages/1067002?format=json","purl":"pkg:nuget/NuGet.Protocol@6.14.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.14.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1067003?format=json","purl":"pkg:nuget/NuGet.Protocol@7.0.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@7.0.3"},{"url":"http://public2.vulnerablecode.io/api/packages/1067005?format=json","purl":"pkg:nuget/NuGet.Protocol@7.3.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@7.3.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1067184?format=json","purl":"pkg:nuget/NuGet.CommandLine@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@4.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/79703?format=json","purl":"pkg:nuget/NuGet.CommandLine@4.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@4.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1067198?format=json","purl":"pkg:nuget/NuGet.CommandLine@5.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@5.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54586?format=json","purl":"pkg:nuget/NuGet.CommandLine@5.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@5.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/50445?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zs5-gfxg-efgb"},{"vulnerability":"VCID-st1x-3kvj-nfgg"},{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/50446?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067192?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067193?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067190?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067191?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1067201?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067202?format=json","purl":"pkg:nuget/NuGet.CommandLine@6.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@6.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1067194?format=json","purl":"pkg:nuget/NuGet.CommandLine@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@7.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067195?format=json","purl":"pkg:nuget/NuGet.CommandLine@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@7.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1067013?format=json","purl":"pkg:nuget/NuGet.CommandLine@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.CommandLine@7.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067182?format=json","purl":"pkg:nuget/NuGet.Packaging@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@4.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067183?format=json","purl":"pkg:nuget/NuGet.Packaging@4.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@4.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/660363?format=json","purl":"pkg:nuget/NuGet.Packaging@5.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zs5-gfxg-efgb"},{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@5.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54587?format=json","purl":"pkg:nuget/NuGet.Packaging@5.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@5.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/54611?format=json","purl":"pkg:nuget/NuGet.Packaging@6.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zs5-gfxg-efgb"},{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/54612?format=json","purl":"pkg:nuget/NuGet.Packaging@6.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067180?format=json","purl":"pkg:nuget/NuGet.Packaging@6.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067181?format=json","purl":"pkg:nuget/NuGet.Packaging@6.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067205?format=json","purl":"pkg:nuget/NuGet.Packaging@6.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067206?format=json","purl":"pkg:nuget/NuGet.Packaging@6.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1067210?format=json","purl":"pkg:nuget/NuGet.Packaging@6.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067211?format=json","purl":"pkg:nuget/NuGet.Packaging@6.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@6.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1067199?format=json","purl":"pkg:nuget/NuGet.Packaging@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067200?format=json","purl":"pkg:nuget/NuGet.Packaging@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1066995?format=json","purl":"pkg:nuget/NuGet.Packaging@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Packaging@7.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067209?format=json","purl":"pkg:nuget/NuGet.Protocol@4.9.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@4.9.0"},{"url":"http://public2.vulnerablecode.io/api/packages/79710?format=json","purl":"pkg:nuget/NuGet.Protocol@4.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@4.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/336509?format=json","purl":"pkg:nuget/NuGet.Protocol@5.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5fx1-z4cb-hyd8"},{"vulnerability":"VCID-xxrj-7szv-s3cm"},{"vulnerability":"VCID-yp6p-q3tf-5qb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@5.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067189?format=json","purl":"pkg:nuget/NuGet.Protocol@5.11.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@5.11.6"},{"url":"http://public2.vulnerablecode.io/api/packages/1067187?format=json","purl":"pkg:nuget/NuGet.Protocol@6.8.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.8.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067188?format=json","purl":"pkg:nuget/NuGet.Protocol@6.8.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.8.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067207?format=json","purl":"pkg:nuget/NuGet.Protocol@6.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067208?format=json","purl":"pkg:nuget/NuGet.Protocol@6.11.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.11.1"},{"url":"http://public2.vulnerablecode.io/api/packages/1067196?format=json","purl":"pkg:nuget/NuGet.Protocol@6.12.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.12.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067197?format=json","purl":"pkg:nuget/NuGet.Protocol@6.12.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.12.4"},{"url":"http://public2.vulnerablecode.io/api/packages/1067203?format=json","purl":"pkg:nuget/NuGet.Protocol@6.14.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.14.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067204?format=json","purl":"pkg:nuget/NuGet.Protocol@6.14.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@6.14.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1067185?format=json","purl":"pkg:nuget/NuGet.Protocol@7.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@7.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/1067186?format=json","purl":"pkg:nuget/NuGet.Protocol@7.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@7.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/1067004?format=json","purl":"pkg:nuget/NuGet.Protocol@7.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-xxrj-7szv-s3cm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/NuGet.Protocol@7.3.0"}],"references":[{"reference_url":"https://github.com/NuGet/NuGet.Client","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/NuGet/NuGet.Client"},{"reference_url":"https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-g4vj-cjjj-v7hg","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-g4vj-cjjj-v7hg"},{"reference_url":"https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-9r3h-v4hx-rhfr"},{"reference_url":"https://github.com/advisories/GHSA-g4vj-cjjj-v7hg","reference_id":"GHSA-g4vj-cjjj-v7hg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g4vj-cjjj-v7hg"}],"weaknesses":[{"cwe_id":345,"name":"Insufficient Verification of Data Authenticity","description":"The product does not sufficiently verify the origin or authenticity of data, in a way that causes it to accept invalid data."}],"exploits":[],"severity_range_score":"0.1 - 3","exploitability":"0.5","weighted_severity":"2.7","risk_score":1.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xxrj-7szv-s3cm"}