High severityNVD Advisory· Published Jun 14, 2023· Updated Jan 1, 2025
NuGet Client Remote Code Execution Vulnerability
CVE-2023-29337
Description
NuGet Client Remote Code Execution Vulnerability
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
NuGet.PackageManagementNuGet | >= 6.0.0, < 6.0.5 | 6.0.5 |
NuGet.PackageManagementNuGet | >= 6.2.0, < 6.2.4 | 6.2.4 |
NuGet.PackageManagementNuGet | >= 6.3.0, < 6.3.3 | 6.3.3 |
NuGet.PackageManagementNuGet | >= 6.4.0, < 6.4.2 | 6.4.2 |
NuGet.PackageManagementNuGet | >= 6.5.0, < 6.5.1 | 6.5.1 |
NuGet.PackageManagementNuGet | >= 6.6.0, < 6.6.1 | 6.6.1 |
NuGet.CommandsNuGet | >= 6.0.0, < 6.0.5 | 6.0.5 |
NuGet.CommandsNuGet | >= 6.2.0, < 6.2.4 | 6.2.4 |
NuGet.CommandsNuGet | >= 6.3.0, < 6.3.3 | 6.3.3 |
NuGet.CommandsNuGet | >= 6.4.0, < 6.4.2 | 6.4.2 |
NuGet.CommandsNuGet | >= 6.5.0, < 6.5.1 | 6.5.1 |
NuGet.CommandsNuGet | >= 6.6.0, < 6.6.1 | 6.6.1 |
NuGet.CommandLineNuGet | >= 6.0.0, < 6.0.5 | 6.0.5 |
NuGet.CommandLineNuGet | >= 6.2.0, < 6.2.4 | 6.2.4 |
NuGet.CommandLineNuGet | >= 6.3.0, < 6.3.3 | 6.3.3 |
NuGet.CommandLineNuGet | >= 6.4.0, < 6.4.2 | 6.4.2 |
NuGet.CommandLineNuGet | >= 6.5.0, < 6.5.1 | 6.5.1 |
NuGet.CommandLineNuGet | >= 6.6.0, < 6.6.1 | 6.6.1 |
NuGet.CommonNuGet | >= 6.0.0, < 6.0.5 | 6.0.5 |
NuGet.CommonNuGet | >= 6.2.0, < 6.2.4 | 6.2.4 |
NuGet.CommonNuGet | >= 6.3.0, < 6.3.3 | 6.3.3 |
NuGet.CommonNuGet | >= 6.4.0, < 6.4.2 | 6.4.2 |
NuGet.CommonNuGet | >= 6.5.0, < 6.5.1 | 6.5.1 |
NuGet.CommonNuGet | >= 6.6.0, < 6.6.1 | 6.6.1 |
NuGet.ProtocolNuGet | >= 6.0.0, < 6.0.5 | 6.0.5 |
NuGet.ProtocolNuGet | >= 6.2.0, < 6.2.4 | 6.2.4 |
NuGet.ProtocolNuGet | >= 6.3.0, < 6.3.3 | 6.3.3 |
NuGet.ProtocolNuGet | >= 6.4.0, < 6.4.2 | 6.4.2 |
NuGet.ProtocolNuGet | >= 6.5.0, < 6.5.1 | 6.5.1 |
NuGet.ProtocolNuGet | >= 6.6.0, < 6.6.1 | 6.6.1 |
NuGet.PackageManagementNuGet | >= 4.6.0, < 5.11.5 | 5.11.5 |
NuGet.CommandsNuGet | >= 4.6.0, < 5.11.5 | 5.11.5 |
NuGet.CommandLineNuGet | >= 4.6.0, < 5.11.5 | 5.11.5 |
NuGet.CommonNuGet | >= 4.6.0, < 5.11.5 | 5.11.5 |
NuGet.ProtocolNuGet | >= 4.7.0, < 5.11.5 | 5.11.5 |
Affected products
34- ghsa-coords27 versionspkg:nuget/microsoft.build.nugetsdkresolverpkg:nuget/nuget.commandlinepkg:nuget/nuget.commandspkg:nuget/nuget.commonpkg:nuget/nuget.packagemanagementpkg:nuget/nuget.protocolpkg:rpm/almalinux/aspnetcore-runtime-6.0pkg:rpm/almalinux/aspnetcore-runtime-7.0pkg:rpm/almalinux/aspnetcore-targeting-pack-6.0pkg:rpm/almalinux/aspnetcore-targeting-pack-7.0pkg:rpm/almalinux/dotnetpkg:rpm/almalinux/dotnet-apphost-pack-6.0pkg:rpm/almalinux/dotnet-apphost-pack-7.0pkg:rpm/almalinux/dotnet-hostpkg:rpm/almalinux/dotnet-hostfxr-6.0pkg:rpm/almalinux/dotnet-hostfxr-7.0pkg:rpm/almalinux/dotnet-runtime-6.0pkg:rpm/almalinux/dotnet-runtime-7.0pkg:rpm/almalinux/dotnet-sdk-6.0pkg:rpm/almalinux/dotnet-sdk-6.0-source-built-artifactspkg:rpm/almalinux/dotnet-sdk-7.0pkg:rpm/almalinux/dotnet-sdk-7.0-source-built-artifactspkg:rpm/almalinux/dotnet-targeting-pack-6.0pkg:rpm/almalinux/dotnet-targeting-pack-7.0pkg:rpm/almalinux/dotnet-templates-6.0pkg:rpm/almalinux/dotnet-templates-7.0pkg:rpm/almalinux/netstandard-targeting-pack-2.1
(expand)+ 26 more
- (no CPE)
- (no CPE)range: >= 6.0.0, < 6.0.5
- (no CPE)range: >= 6.0.0, < 6.0.5
- (no CPE)range: >= 6.0.0, < 6.0.5
- (no CPE)range: >= 6.0.0, < 6.0.5
- (no CPE)range: >= 6.0.0, < 6.0.5
- (no CPE)range: < 6.0.18-1.el9_2
- (no CPE)range: < 7.0.7-1.el9_2
- (no CPE)range: < 6.0.18-1.el9_2
- (no CPE)range: < 7.0.7-1.el9_2
- (no CPE)range: < 7.0.107-1.el8_8
- (no CPE)range: < 6.0.18-1.el9_2
- (no CPE)range: < 7.0.7-1.el9_2
- (no CPE)range: < 7.0.7-1.el9_2
- (no CPE)range: < 6.0.18-1.el9_2
- (no CPE)range: < 7.0.7-1.el9_2
- (no CPE)range: < 6.0.18-1.el9_2
- (no CPE)range: < 7.0.7-1.el9_2
- (no CPE)range: < 6.0.118-1.el9_2
- (no CPE)range: < 6.0.118-1.el9_2
- (no CPE)range: < 7.0.107-1.el9_2
- (no CPE)range: < 7.0.107-1.el9_2
- (no CPE)range: < 6.0.18-1.el9_2
- (no CPE)range: < 7.0.7-1.el9_2
- (no CPE)range: < 6.0.118-1.el9_2
- (no CPE)range: < 7.0.107-1.el9_2
- (no CPE)range: < 7.0.107-1.el9_2
- Microsoft/NuGet 5.11.4v5Range: 5.0.0
- Microsoft/NuGet 6.0.4v5Range: 6.0.0
- Microsoft/NuGet 6.2.3v5Range: 6.0.0
- Microsoft/NuGet 6.3.2v5Range: 6.0.0
- Microsoft/NuGet 6.4.1v5Range: 6.0.0
- Microsoft/NuGet 6.5.0v5Range: 6.0.0
- Microsoft/NuGet 6.6.0v5Range: 6.0.0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-6qmf-mmc7-6c2pghsaADVISORY
- msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337ghsavendor-advisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2023-29337ghsaADVISORY
- github.com/NuGet/NuGet.Client/commit/7fe6b814c901490292f02d8ea12749505fbb959aghsaWEB
- github.com/NuGet/NuGet.Client/security/advisories/GHSA-6qmf-mmc7-6c2pghsaWEB
News mentions
0No linked articles in our index yet.