Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-sv3w-aygm-pyh8
Vulnerability ID VCID-sv3w-aygm-pyh8
Aliases CVE-2023-29331
GHSA-555c-2p6r-68mm
Summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-400 Uncontrolled Resource Consumption
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29331.json
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01058 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01128 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01128 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01128 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
epss 0.01128 https://api.first.org/data/v1/epss?cve=CVE-2023-29331
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-555c-2p6r-68mm
cvssv3.1 7.5 https://github.com/dotnet/announcements/issues/257
generic_textual HIGH https://github.com/dotnet/announcements/issues/257
cvssv3.1 7.5 https://github.com/dotnet/runtime
generic_textual HIGH https://github.com/dotnet/runtime
cvssv3.1 7.5 https://github.com/dotnet/runtime/security/advisories/GHSA-555c-2p6r-68mm
cvssv3.1_qr HIGH https://github.com/dotnet/runtime/security/advisories/GHSA-555c-2p6r-68mm
generic_textual HIGH https://github.com/dotnet/runtime/security/advisories/GHSA-555c-2p6r-68mm
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
cvssv3.1 7.5 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
generic_textual HIGH https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
ssvc Track https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2023-29331
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2023-29331
cvssv3.1 7.5 https://support.microsoft.com/kb/5025823
generic_textual HIGH https://support.microsoft.com/kb/5025823
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29331.json
https://api.first.org/data/v1/epss?cve=CVE-2023-29331
https://github.com/dotnet/announcements/issues/257
https://github.com/dotnet/runtime
https://support.microsoft.com/kb/5025823
2212617 https://bugzilla.redhat.com/show_bug.cgi?id=2212617
CVE-2023-29331 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
CVE-2023-29331 https://nvd.nist.gov/vuln/detail/CVE-2023-29331
GHSA-555c-2p6r-68mm https://github.com/advisories/GHSA-555c-2p6r-68mm
GHSA-555c-2p6r-68mm https://github.com/dotnet/runtime/security/advisories/GHSA-555c-2p6r-68mm
RHSA-2023:3580 https://access.redhat.com/errata/RHSA-2023:3580
RHSA-2023:3581 https://access.redhat.com/errata/RHSA-2023:3581
RHSA-2023:3582 https://access.redhat.com/errata/RHSA-2023:3582
RHSA-2023:3592 https://access.redhat.com/errata/RHSA-2023:3592
RHSA-2023:3593 https://access.redhat.com/errata/RHSA-2023:3593
RHSA-2023:4448 https://access.redhat.com/errata/RHSA-2023:4448
RHSA-2023:4449 https://access.redhat.com/errata/RHSA-2023:4449
USN-6161-1 https://usn.ubuntu.com/6161-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-29331.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/announcements/issues/257
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/dotnet/runtime/security/advisories/GHSA-555c-2p6r-68mm
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-28T20:20:14Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-29331
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://support.microsoft.com/kb/5025823
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.7756
EPSS Score 0.01058
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:51:22.599719+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.linux-arm64/CVE-2023-29331.yml 38.0.0