Proget
by Inedo
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-14944 | Hig | 0.49 | 7.5 | 0.01 | Sep 30, 2017 | Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060. | ||
| CVE-2025-47244 | Hig | 0.48 | 7.3 | 0.00 | May 3, 2025 | Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information.… | ||
| CVE-2017-15608 | Med | 0.42 | 6.5 | 0.00 | Sep 26, 2018 | Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings. |
- risk 0.49cvss 7.5epss 0.01
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
- risk 0.48cvss 7.3epss 0.00
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information.…
- risk 0.42cvss 6.5epss 0.00
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.