VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-y2uu-7weq-puhy

Essentials
Severities (24)
References (9)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-y2uu-7weq-puhy
Aliases	CVE-2023-36792 GHSA-3qf9-qxfj-4whc
Summary	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Visual Studio Remote Code Execution Vulnerability
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (5)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-787	Out-of-bounds Write
CWE-190	Integer Overflow or Wraparound

System	Score	Found at
cvssv3	7.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36792.json
epss	0.01439	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01439	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01598	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01598	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01598	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01598	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01598	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01598	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
epss	0.01598	https://api.first.org/data/v1/epss?cve=CVE-2023-36792
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-3qf9-qxfj-4whc
cvssv3.1	7.8	https://github.com/dotnet/runtime
generic_textual	HIGH	https://github.com/dotnet/runtime
cvssv3.1	7.8	https://github.com/dotnet/runtime/issues/91944
generic_textual	HIGH	https://github.com/dotnet/runtime/issues/91944
cvssv3.1	7.8	https://github.com/dotnet/runtime/security/advisories/GHSA-3qf9-qxfj-4whc
cvssv3.1_qr	HIGH	https://github.com/dotnet/runtime/security/advisories/GHSA-3qf9-qxfj-4whc
generic_textual	HIGH	https://github.com/dotnet/runtime/security/advisories/GHSA-3qf9-qxfj-4whc
cvssv3.1	7.8	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
cvssv3.1	7.8	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
generic_textual	HIGH	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
ssvc	Track	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
cvssv3.1	7.8	https://nvd.nist.gov/vuln/detail/CVE-2023-36792
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2023-36792

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36792.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-36792
		https://github.com/dotnet/runtime
		https://github.com/dotnet/runtime/issues/91944
2237521		https://bugzilla.redhat.com/show_bug.cgi?id=2237521
CVE-2023-36792		https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
CVE-2023-36792		https://nvd.nist.gov/vuln/detail/CVE-2023-36792
GHSA-3qf9-qxfj-4whc		https://github.com/advisories/GHSA-3qf9-qxfj-4whc
GHSA-3qf9-qxfj-4whc		https://github.com/dotnet/runtime/security/advisories/GHSA-3qf9-qxfj-4whc

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36792.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/dotnet/runtime

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/dotnet/runtime/issues/91944

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/dotnet/runtime/security/advisories/GHSA-3qf9-qxfj-4whc

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-06-28T14:00:38Z/ Found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2023-36792

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.80664
EPSS Score	0.01439
Published At	April 2, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T12:51:47.447507+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/nuget/Microsoft.NETCore.App.Runtime.win-x86/CVE-2023-36792.yml	38.0.0