Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-24512 (GCVE-0-2022-24512)
Vulnerability from cvelistv5 – Published: 2022-03-09 17:08 – Updated: 2025-07-08 15:31
VLAI?
EPSS
Title
.NET and Visual Studio Remote Code Execution Vulnerability
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Severity ?
CWE
- Remote Code Execution
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) |
Affected:
16.0.0 , < 16.7.26
(custom)
|
|||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.019Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.7.26",
"status": "affected",
"version": "16.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.9.18",
"status": "affected",
"version": "15.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "16.11.11",
"status": "affected",
"version": "16.11.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "Microsoft Visual Studio 2022 version 17.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "17.0.7",
"status": "affected",
"version": "17.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 5.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "5.0.15",
"status": "affected",
"version": "5.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET 6.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "6.0.3",
"status": "affected",
"version": "6.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": ".NET Core 3.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "3.1.23",
"status": "affected",
"version": "3.1",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.2",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.2.2",
"status": "affected",
"version": "7.2.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.0",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.0.9",
"status": "affected",
"version": "7.0.0",
"versionType": "custom"
}
]
},
{
"platforms": [
"Unknown"
],
"product": "PowerShell 7.1",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "7.1.6",
"status": "affected",
"version": "7.1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.26",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.9.18",
"versionStartIncluding": "15.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.11.11",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.0.7",
"versionStartIncluding": "17.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.0.15",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.0.3",
"versionStartIncluding": "6.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.1.23",
"versionStartIncluding": "3.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell_core:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.6",
"versionStartIncluding": "7.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2022-03-08T08:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en-US",
"type": "Impact"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-08T15:31:32.909Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": ".NET and Visual Studio Remote Code Execution Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
}
],
"title": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2022-24512",
"datePublished": "2022-03-09T17:08:15.000Z",
"dateReserved": "2022-02-05T00:00:00.000Z",
"dateUpdated": "2025-07-08T15:31:32.909Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
FKIE_CVE-2022-24512
Vulnerability from fkie_nvd - Published: 2022-03-09 17:15 - Updated: 2024-11-21 06:50
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
References
| URL | Tags | ||
|---|---|---|---|
| secure@microsoft.com | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512 | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| microsoft | .net | 5.0 | |
| microsoft | .net | 6.0.0 | |
| microsoft | .net_core | 3.1 | |
| microsoft | powershell | * | |
| microsoft | powershell | * | |
| microsoft | powershell | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2019 | * | |
| microsoft | visual_studio_2022 | * | |
| fedoraproject | fedora | 34 | |
| fedoraproject | fedora | 35 | |
| fedoraproject | fedora | 36 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F02D5C-61F1-4381-8D64-8BEB5CED0DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1DE0C8DD-9C73-4876-8193-068F18074B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "70BE107E-20A0-4998-A8ED-BCC414C6BDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77F72A4A-239D-4362-B42C-2B125FD977AB",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C644EF-33B6-440F-8051-6A0D3C096F67",
"versionEndExcluding": "7.1.6",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5CE10E-FCBF-4FBA-9B4E-BEB7F7E902A1",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6222A0C-EC9B-4AB2-A89F-5D62B381A212",
"versionEndIncluding": "16.6.4",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "367AC9B2-D639-40F6-93FB-822F73E65C30",
"versionEndExcluding": "16.7.26",
"versionStartIncluding": "16.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9599DF-664B-4630-9FCD-7FCD846728A1",
"versionEndIncluding": "16.8.7",
"versionStartIncluding": "16.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4338A4F9-0FE2-40F4-B184-86B9F5EF1EED",
"versionEndExcluding": "16.9.18",
"versionStartIncluding": "16.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6E2777-4D9B-4710-9575-250B04E1AE0C",
"versionEndIncluding": "16.10.4",
"versionStartIncluding": "16.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1265006-B9CB-4E89-B6E8-F9EC1D6C7405",
"versionEndExcluding": "16.11.11",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C72810F-D156-49CE-A325-7E6A63C9E4A3",
"versionEndExcluding": "17.0.7",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota en .NET y Visual Studio"
}
],
"id": "CVE-2022-24512",
"lastModified": "2024-11-21T06:50:34.683",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "secure@microsoft.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-03-09T17:15:15.737",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GSD-2022-24512
Vulnerability from gsd - Updated: 2023-12-13 01:19Details
.NET and Visual Studio Remote Code Execution Vulnerability
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-24512",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"id": "GSD-2022-24512",
"references": [
"https://access.redhat.com/errata/RHSA-2022:0832",
"https://access.redhat.com/errata/RHSA-2022:0830",
"https://access.redhat.com/errata/RHSA-2022:0829",
"https://access.redhat.com/errata/RHSA-2022:0828",
"https://access.redhat.com/errata/RHSA-2022:0827",
"https://access.redhat.com/errata/RHSA-2022:0826",
"https://linux.oracle.com/cve/CVE-2022-24512.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-24512"
],
"details": ".NET and Visual Studio Remote Code Execution Vulnerability",
"id": "GSD-2022-24512",
"modified": "2023-12-13T01:19:42.908063Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2022-24512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.0.0",
"version_value": "16.7.26"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "15.0.0",
"version_value": "16.9.18"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "16.11.0",
"version_value": "16.11.11"
}
]
}
},
{
"product_name": "Microsoft Visual Studio 2022 version 17.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "17.0.0",
"version_value": "17.0.7"
}
]
}
},
{
"product_name": ".NET 5.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "5.0.0",
"version_value": "5.0.15"
}
]
}
},
{
"product_name": ".NET 6.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "6.0.0",
"version_value": "6.0.3"
}
]
}
},
{
"product_name": ".NET Core 3.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "3.1",
"version_value": "3.1.23"
}
]
}
},
{
"product_name": "PowerShell 7.2",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.2.0",
"version_value": "7.2.2"
}
]
}
},
{
"product_name": "PowerShell 7.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.0.0",
"version_value": "7.0.9"
}
]
}
},
{
"product_name": "PowerShell 7.1",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "7.1.0",
"version_value": "7.1.6"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
]
},
"impact": {
"cvss": [
{
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C",
"version": "3.1"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512",
"refsource": "MISC",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "8b1938eb-6a84-4111-af0f-18485dbc113e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "64dbf739-8374-4c32-9f72-0833d473bc69"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "23922f15-b58a-4d88-aec4-38e8598d34bf"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "a23db459-d5a7-4a8c-a35d-619918ed4560"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "063036ab-4f0d-4461-a7f7-42c419fcd13e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "82dc0fa8-38c3-4cc2-b8d6-12dd003c8317"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "3e4f5a2d-007e-4069-b95b-157b0c67f6bb"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "1797be0e-7009-44f6-abb1-7502cb4e9520"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "2d840f93-b836-4396-aa0b-1f7fbda70f24"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "49aed9aa-b86e-48f6-aa78-9ebaf9e2afb0"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "22d977b9-dca2-4276-8353-cb2dc97670c5"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "786171be-43a0-4879-a498-8f77c53229a3"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "9f714152-a571-4c2d-a4ec-a982c3d13fd7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "d8e1b6fc-777c-4f4b-b9a4-b0527c0f08af"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "36a0bf69-5f03-481b-8660-9dba6ba9d43c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "2c08fd81-1818-4edb-a552-0d6fcbb74161"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "e48adff9-2492-43bb-b40a-bc1d81a01f59"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "46b9e502-1e6a-4410-a267-cfe3b84e5f5e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "6be33889-ef86-4b33-8290-7e8314a7dfb4"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "f0b003bf-effd-4318-850b-d7f120e5b5bc"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "5ed14687-2713-4a3f-9b32-12e3671afa0f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "1a02b37f-23d6-4a8a-a29b-8c17414c6d59"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "87a7108e-c91b-4198-bec7-cc5101b89583"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "cef07dc9-7d12-4ece-b526-bb9a5022d68d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "3212a3b4-ef57-4585-80cc-d757b0d14c4d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "0ac23687-c4f2-4b0c-8e5c-ed3591ab77a6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "ec670797-6de9-4a91-bade-2b26d4cca0cd"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "b6e778b5-62bc-429f-99ff-0a49890f4f20"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "5eba2eca-2b6d-4994-bbce-2d86cf667de5"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "ba159a4f-c195-4be3-af89-62c1f74aed23"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "699a2049-0666-42d6-9055-5970c9762e95"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "0b584ee6-bb6a-4878-8edd-4f47dce42910"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "d1c4f0e1-f8ec-43c0-b20a-2857e0190a05"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "376bcfd1-a1c3-4037-8b28-ca8c557615f1"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "0bcdabb5-50bd-4923-af03-8969f7a1e207"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "249f1d22-50e9-4cd6-b591-a44fbbf6382d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "23e016eb-82fd-43d5-9968-1dfc5e9862ab"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "210d3736-6507-4c6d-af74-10b8b75f70e5"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "85218d03-2fca-4199-aa06-3b4a3872ddb5"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "a865a177-6e12-4582-b00d-be6227d71f1d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "a619a5e7-f4f1-47c3-ae6a-faa68b1504c4"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "04240794-c781-4ef4-888e-5922648b0d8e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "661fe3cb-97d7-437e-af6d-1b628a5e5f94"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "15e482bd-9388-47b0-b8ec-ba8c237a1058"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "55a2d927-e2ff-4e5a-bf4d-38fff382e9c6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "da95c2fe-c481-4f1e-9c73-716efdc3f654"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "be70ffab-a59f-459a-976f-794ccce51eaf"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "f1d47144-ee88-43e3-bc79-8dcbacc39d82"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "ef553da9-9751-4053-a29f-999e2698def2"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "cab2655c-95cd-498a-8741-17db10c42890"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "db8b1c31-2615-4b5b-8d3b-134554c0958d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.android-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "d5dd9637-43ad-45c0-b545-8ac5500dec9e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "52285aab-f729-4bab-85b7-c9f95438a8d7"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "16058bca-2b0c-4856-b7a9-c8088652aec3"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "925e1c83-f788-4b1c-9965-2c9b68337e2f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.browser-wasm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "48ed93c8-a752-4e5f-a4f3-a8b4b3878ce6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "2edb0097-c813-4e2d-b53c-5aca91895946"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "53b8df8a-4680-472a-aa76-333094f9ec4d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "40205b3e-1d43-4be6-9603-0ffe912f34b9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "b88c728e-0f11-4264-978c-391b73126b8e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "cd84c8af-f352-459a-8dc3-1fede854a379"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "5efc246a-6fbc-4fa3-99e5-710bfa0b6d18"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "872ae514-ba47-4f20-86b8-6680dd4df487"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.ios-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "6885deb2-0295-48d6-b637-067e02974407"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "397b63b3-5e43-47a5-a26d-c7df47c505e9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "138eeaf7-889a-4e13-b0f3-6a4e88db98ad"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "dc2cf043-6d97-434b-b0ca-dd87a6a29a38"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "d1060a9b-e6a0-4c30-81ec-f9e525be1fb8"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "2c59726f-869f-441f-ae6c-f36f7c7f89ce"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "3580c5b2-ffd7-4051-92f0-64f187899b90"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "1943fc7b-951a-4ade-a24d-92d789d67aff"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "b6833474-f69d-4082-9995-32af4a63c88a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "c526cbcf-fd1d-403f-acde-50c7b74657c4"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "3ee84776-2660-4422-9400-1fe8611de64e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "ed75b16a-2e92-4d7c-85a4-a6a7b6019f84"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "6857e209-4293-40e2-8ba8-cf092d9d3a21"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "f3be5003-63c6-4859-ad56-cb7ff5525355"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "0efba5b9-d708-4c9b-82ea-41346d518ab0"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.linux-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "2addef50-4815-45bc-b458-19e8c2b41543"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "f5d90a2e-62d5-4beb-86ce-5adb619be653"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "52257464-58de-464e-949d-1c5760464bc1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "24b85508-9dda-4b59-b5b4-82e4c454437f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "ecf37366-6e46-4978-82eb-704543733cc1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "04cf82b3-c2ed-49f4-b22e-69299596f80d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "91ba040b-6e60-40ec-b743-d1e73bc26bab"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "7d259003-fafe-4286-afa6-0697b5bbef1e"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "dc99c022-3806-45dc-a4fb-0f12d53853a1"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "a0c53b5e-b209-427a-ab8c-b0716e7772d2"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.osx-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "cdd1c235-bd3f-4f79-8637-7848c1068f2a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "a7cee83e-d284-4077-ad0e-4774586a5898"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "972fc3d3-b841-439f-aa5d-6d8898748eab"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "79ca49f1-30a7-421a-8ff0-5e350dd7c3e6"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvos-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "be389a42-1629-413a-a099-092e03e1a40d"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "ae9838f7-8e8a-4788-a01f-1ff0ccd6dfac"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "ac19e00d-1964-4caf-a8d8-a8464d7f93a9"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "92dd1e73-7bd7-4679-99bf-e1ccf3288c77"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "47608227-50d6-4042-80cc-932e6098f28c"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "53d40e1c-6ebb-4dd7-86a1-1218fc16d494"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "e3181998-ed6d-49a2-bd51-be44e2c7c99a"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "381da91c-cc4a-4005-9b19-527e09e93f75"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "329e1fde-e54f-4dec-a55a-1e594968db07"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "b9c41756-ab76-4468-a94a-9bc6145f6105"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.Mono.win-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "49057948-a562-453c-ac39-a608a891fd18"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "d7cded18-1354-487b-99a5-d648d89a9320"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "5abedca8-0922-439d-93c8-a0cb2b41065c"
},
{
"affected_range": "[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "96d5e758-3898-4a22-a92e-2b806b8587ea"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "f53ddb90-6b17-470d-966d-9a410fc9644c"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-musl-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "be2714ed-3c73-432e-a45c-0e9a7107b8cd"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.linux-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "05ae7d03-8530-4222-b61b-9c116f086f9f"
},
{
"affected_range": "[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.osx-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to version 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "58373e35-ea80-4d5c-ba11-cab8d9ee6714"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.osx-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "c67c2a10-8f80-4dd6-9c6c-d06fc2054cff"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "5fd32d0f-dc56-4380-b6ed-a05db616d84a"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-arm64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "96ca9a44-0282-4c52-a5f2-820529e69e32"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x64",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "e2e78c39-f299-4c83-b53e-6ce2803263d1"
},
{
"affected_range": "[3.0.0,3.1.23),[5.0.0,5.0.15),[6.0.0,6.0.3)",
"affected_versions": "All versions starting from 3.0.0 before 3.1.23, all versions starting from 5.0.0 before 5.0.15, all versions starting from 6.0.0 before 6.0.3",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937"
],
"date": "2022-10-18",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"3.1.23",
"5.0.15",
"6.0.3"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"GHSA-c6w8-7mp3-34j9",
"CVE-2022-24512"
],
"not_impacted": "All versions before 3.0.0, all versions starting from 3.1.23 before 5.0.0, all versions starting from 5.0.15 before 6.0.0, all versions starting from 6.0.3",
"package_slug": "nuget/Microsoft.NETCore.App.Runtime.win-x86",
"pubdate": "2022-10-18",
"solution": "Upgrade to versions 3.1.23, 5.0.15, 6.0.3 or above.",
"title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"urls": [
"https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9",
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://github.com/dotnet/announcements/issues/213",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://github.com/advisories/GHSA-c6w8-7mp3-34j9"
],
"uuid": "fb7536d5-8ac6-4c0e-9135-a1882c511679"
},
{
"affected_range": "[5.0,6.0.0]",
"affected_versions": "All versions starting from 5.0 up to 6.0.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2022-05-12",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [],
"identifier": "CVE-2022-24512",
"identifiers": [
"CVE-2022-24512"
],
"not_impacted": "",
"package_slug": "nuget/System.Text.Encodings.Web",
"pubdate": "2022-03-09",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Code Injection",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512"
],
"uuid": "3e03e60f-954d-44b4-94f2-38bb9bac4d86"
},
{
"affected_range": "[7.0,7.0.9),[7.1,7.1.6),[7.2,7.2.2)",
"affected_versions": "All versions starting from 7.0 before 7.0.9, all versions starting from 7.1 before 7.1.6, all versions starting from 7.2 before 7.2.2",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"cwe_ids": [
"CWE-1035",
"CWE-937"
],
"date": "2023-06-29",
"description": ".NET and Visual Studio Remote Code Execution Vulnerability.",
"fixed_versions": [
"7.0.9",
"7.1.6",
"7.2.2"
],
"identifier": "CVE-2022-24512",
"identifiers": [
"CVE-2022-24512"
],
"not_impacted": "",
"package_slug": "nuget/powershell",
"pubdate": "2022-03-09",
"solution": "Upgrade to version 7.0.9, 7.1.6, 7.2.2 or above.",
"title": "Remote Code Execution",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2022-24512",
"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF/"
],
"uuid": "c11f56e3-806c-44bd-a7ee-12bc81a4e13b"
}
]
},
"nvd.nist.gov": {
"cve": {
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C8F02D5C-61F1-4381-8D64-8BEB5CED0DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "1DE0C8DD-9C73-4876-8193-068F18074B58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:.net_core:3.1:-:*:*:*:*:*:*",
"matchCriteriaId": "70BE107E-20A0-4998-A8ED-BCC414C6BDBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "77F72A4A-239D-4362-B42C-2B125FD977AB",
"versionEndExcluding": "7.0.9",
"versionStartIncluding": "7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A2C644EF-33B6-440F-8051-6A0D3C096F67",
"versionEndExcluding": "7.1.6",
"versionStartIncluding": "7.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD5CE10E-FCBF-4FBA-9B4E-BEB7F7E902A1",
"versionEndExcluding": "7.2.2",
"versionStartIncluding": "7.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6222A0C-EC9B-4AB2-A89F-5D62B381A212",
"versionEndIncluding": "16.6.4",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "367AC9B2-D639-40F6-93FB-822F73E65C30",
"versionEndExcluding": "16.7.26",
"versionStartIncluding": "16.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC9599DF-664B-4630-9FCD-7FCD846728A1",
"versionEndIncluding": "16.8.7",
"versionStartIncluding": "16.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4338A4F9-0FE2-40F4-B184-86B9F5EF1EED",
"versionEndExcluding": "16.9.18",
"versionStartIncluding": "16.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6E2777-4D9B-4710-9575-250B04E1AE0C",
"versionEndIncluding": "16.10.4",
"versionStartIncluding": "16.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F1265006-B9CB-4E89-B6E8-F9EC1D6C7405",
"versionEndExcluding": "16.11.11",
"versionStartIncluding": "16.11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6C72810F-D156-49CE-A325-7E6A63C9E4A3",
"versionEndExcluding": "17.0.7",
"versionStartIncluding": "17.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
"matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Una vulnerabilidad de Ejecuci\u00f3n de C\u00f3digo Remota en .NET y Visual Studio"
}
],
"id": "CVE-2022-24512",
"lastModified": "2023-12-21T01:43:55.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "secure@microsoft.com",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2022-03-09T17:15:15.737",
"references": [
{
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
}
],
"sourceIdentifier": "secure@microsoft.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
}
}
}
cve-2022-24512
Vulnerability from osv_almalinux
Published
2022-03-10 14:43
Modified
2022-03-13 13:19
Summary
Important: .NET 6.0 security and bugfix update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-host"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.3-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-6.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "netstandard-targeting-pack-2.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.0.103-4.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0826",
"modified": "2022-03-13T13:19:00Z",
"published": "2022-03-10T14:43:46Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24512"
}
],
"related": [
"CVE-2022-24464",
"CVE-2022-24512"
],
"summary": "Important: .NET 6.0 security and bugfix update"
}
cve-2022-24512
Vulnerability from osv_almalinux
Published
2022-03-10 14:44
Modified
2022-03-11 16:01
Summary
Important: .NET Core 3.1 security and bugfix update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
-
brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.417-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-3.1-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.417-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.23-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-3.1"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.1.417-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0827",
"modified": "2022-03-11T16:01:22Z",
"published": "2022-03-10T14:44:29Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-8927"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24512"
}
],
"related": [
"CVE-2022-24464",
"CVE-2022-24512",
"CVE-2020-8927"
],
"summary": "Important: .NET Core 3.1 security and bugfix update"
}
cve-2022-24512
Vulnerability from osv_almalinux
Published
2022-03-10 14:46
Modified
2022-03-11 16:01
Summary
Important: .NET 5.0 security and bugfix update
Details
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.
Security Fix(es):
-
dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
-
dotnet: double parser stack buffer overrun (CVE-2022-24512)
-
brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-runtime-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "aspnetcore-targeting-pack-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-apphost-pack-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-hostfxr-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-runtime-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.212-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-sdk-5.0-source-built-artifacts"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.212-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-targeting-pack-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.15-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "dotnet-templates-5.0"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.212-1.el8_5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": ".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.\n\nSecurity Fix(es):\n\n* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)\n\n* dotnet: double parser stack buffer overrun (CVE-2022-24512)\n\n* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"id": "ALSA-2022:0830",
"modified": "2022-03-11T16:01:23Z",
"published": "2022-03-10T14:46:56Z",
"references": [
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-8927"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24464"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2022-24512"
}
],
"related": [
"CVE-2022-24464",
"CVE-2022-24512",
"CVE-2020-8927"
],
"summary": "Important: .NET 5.0 security and bugfix update"
}
CERTFR-2022-AVI-226
Vulnerability from certfr_avis - Published: 2022-03-09 - Updated: 2022-03-09
De multiples vulnérabilités ont été corrigées dans Microsoft .Net. Elles permettent à un attaquant de provoquer une exécution de code à distance et un déni de service.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | |
|---|---|---|---|
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": ".NET Core 3.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 6.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": ".NET 5.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
}
],
"initial_release_date": "2022-03-09T00:00:00",
"last_revision_date": "2022-03-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8927 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24512 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24464 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"reference": "CERTFR-2022-AVI-226",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft .Net\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code \u00e0 distance et un d\u00e9ni de service.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft .Net",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
CERTFR-2022-AVI-227
Vulnerability from certfr_avis - Published: 2022-03-09 - Updated: 2022-03-09
De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une exécution de code à distance, un déni de service, une usurpation d'identité, un contournement de la fonctionnalité de sécurité, une atteinte à la confidentialité des données et une élévation de privilèges.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Microsoft | N/A | Microsoft Exchange Server 2013 Cumulative Update 23 | ||
| Microsoft | N/A | Skype Extension pour Chrome | ||
| Microsoft | Azure | Azure Site Recovery VMWare to Azure | ||
| Microsoft | N/A | Microsoft Visual Studio 2022 version 17.0 | ||
| Microsoft | N/A | HEIF Image Extension | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 21 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 11 | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) | ||
| Microsoft | N/A | Microsoft Exchange Server 2016 Cumulative Update 22 | ||
| Microsoft | N/A | HEVC Video Extensions | ||
| Microsoft | N/A | Raw Image Extension | ||
| Microsoft | N/A | Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | ||
| Microsoft | N/A | VP9 Video Extensions | ||
| Microsoft | N/A | Visual Studio Code | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 32 bits | ||
| Microsoft | N/A | Microsoft Exchange Server 2019 Cumulative Update 10 | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Android | ||
| Microsoft | N/A | HEVC Video Extension | ||
| Microsoft | N/A | Intune Company Portal pour iOS | ||
| Microsoft | N/A | Paint 3D | ||
| Microsoft | N/A | Microsoft Defender pour IoT | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Linux | ||
| Microsoft | N/A | Microsoft Defender pour Endpoint pour Mac | ||
| Microsoft | N/A | Microsoft 365 Apps pour Enterprise pour systèmes 64 bits |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Microsoft Exchange Server 2013 Cumulative Update 23",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Skype Extension pour Chrome",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Azure Site Recovery VMWare to Azure",
"product": {
"name": "Azure",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2022 version 17.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEIF Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 21",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.7 (includes 16.0 \u2013 16.6)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 11",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2016 Cumulative Update 22",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Raw Image Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "VP9 Video Extensions",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Visual Studio Code",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 32 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Exchange Server 2019 Cumulative Update 10",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Android",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "HEVC Video Extension",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Intune Company Portal pour iOS",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Paint 3D",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour IoT",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Linux",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft Defender pour Endpoint pour Mac",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
},
{
"description": "Microsoft 365 Apps pour Enterprise pour syst\u00e8mes 64 bits",
"product": {
"name": "N/A",
"vendor": {
"name": "Microsoft",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2022-24515",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24515"
},
{
"name": "CVE-2022-24526",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24526"
},
{
"name": "CVE-2022-24520",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24520"
},
{
"name": "CVE-2022-24469",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24469"
},
{
"name": "CVE-2022-23266",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23266"
},
{
"name": "CVE-2022-24509",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24509"
},
{
"name": "CVE-2022-24519",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24519"
},
{
"name": "CVE-2022-24456",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24456"
},
{
"name": "CVE-2022-24452",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24452"
},
{
"name": "CVE-2022-24453",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24453"
},
{
"name": "CVE-2022-24470",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24470"
},
{
"name": "CVE-2022-24462",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24462"
},
{
"name": "CVE-2022-24501",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24501"
},
{
"name": "CVE-2022-23277",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23277"
},
{
"name": "CVE-2022-24468",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24468"
},
{
"name": "CVE-2022-23282",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23282"
},
{
"name": "CVE-2022-24471",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24471"
},
{
"name": "CVE-2022-23300",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23300"
},
{
"name": "CVE-2022-23278",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23278"
},
{
"name": "CVE-2022-23265",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23265"
},
{
"name": "CVE-2022-24464",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24464"
},
{
"name": "CVE-2022-22007",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22007"
},
{
"name": "CVE-2022-24517",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24517"
},
{
"name": "CVE-2022-24510",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24510"
},
{
"name": "CVE-2022-23295",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23295"
},
{
"name": "CVE-2020-8927",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8927"
},
{
"name": "CVE-2022-24451",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24451"
},
{
"name": "CVE-2022-24461",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24461"
},
{
"name": "CVE-2022-24506",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24506"
},
{
"name": "CVE-2022-24512",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24512"
},
{
"name": "CVE-2022-24511",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24511"
},
{
"name": "CVE-2022-24518",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24518"
},
{
"name": "CVE-2022-24457",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24457"
},
{
"name": "CVE-2022-24522",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24522"
},
{
"name": "CVE-2022-23301",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-23301"
},
{
"name": "CVE-2022-24463",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24463"
},
{
"name": "CVE-2022-22006",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-22006"
},
{
"name": "CVE-2022-24465",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24465"
},
{
"name": "CVE-2022-24467",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-24467"
}
],
"initial_release_date": "2022-03-09T00:00:00",
"last_revision_date": "2022-03-09T00:00:00",
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24509 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24509"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24471 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24471"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24518 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24518"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23282 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23282"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-22006 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22006"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24467 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24467"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24453 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24453"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23301 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23301"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2020-8927 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2020-8927"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24515 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24515"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24462 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24462"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24469 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24469"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24520 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24520"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24456 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24456"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23277 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23277"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24468 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24468"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24512 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24526 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24526"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24470 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24470"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24517 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24517"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24501 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24501"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23295 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23295"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-22007 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22007"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24461 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24461"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24465 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24465"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24522 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24522"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24519 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24519"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24463 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24463"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23278 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23278"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23265 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23265"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24457 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24457"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23266 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23266"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24511 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24511"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24452 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24452"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-23300 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-23300"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24451 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24451"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24506 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24506"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24510 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24510"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft CVE-2022-24464 du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24464"
}
],
"reference": "CERTFR-2022-AVI-227",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-09T00:00:00.000000"
}
],
"risks": [
{
"description": "Usurpation d\u0027identit\u00e9"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une ex\u00e9cution de code \u00e0 distance, un d\u00e9ni de\nservice, une usurpation d\u0027identit\u00e9, un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9, une atteinte \u00e0 la confidentialit\u00e9 des\ndonn\u00e9es et une \u00e9l\u00e9vation de privil\u00e8ges.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 08 mars 2022",
"url": "https://msrc.microsoft.com/update-guide/"
}
]
}
bit-dotnet-2022-24512
Vulnerability from bitnami_vulndb
Published
2024-03-06 10:58
Modified
2025-05-20 10:02
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Details
.NET and Visual Studio Remote Code Execution Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "dotnet",
"purl": "pkg:bitnami/dotnet"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.1"
},
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.1"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-24512"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:.net:5.0:*:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:.net:6.0.0:-:*:*:*:*:*:*",
"cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": ".NET and Visual Studio Remote Code Execution Vulnerability",
"id": "BIT-dotnet-2022-24512",
"modified": "2025-05-20T10:02:07.006Z",
"published": "2024-03-06T10:58:23.161Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512"
}
],
"schema_version": "1.5.0",
"summary": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
bit-powershell-2022-24512
Vulnerability from bitnami_vulndb
Published
2025-09-04 17:48
Modified
2025-09-04 18:07
Summary
.NET and Visual Studio Remote Code Execution Vulnerability
Details
.NET and Visual Studio Remote Code Execution Vulnerability
{
"affected": [
{
"package": {
"ecosystem": "Bitnami",
"name": "powershell",
"purl": "pkg:bitnami/powershell"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.9"
},
{
"introduced": "7.1.0"
},
{
"fixed": "7.1.6"
},
{
"introduced": "7.2.0"
},
{
"fixed": "7.2.2"
}
],
"type": "SEMVER"
}
],
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
]
}
],
"aliases": [
"CVE-2022-24512"
],
"database_specific": {
"cpes": [
"cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*"
],
"severity": "Medium"
},
"details": ".NET and Visual Studio Remote Code Execution Vulnerability",
"id": "BIT-powershell-2022-24512",
"modified": "2025-09-04T18:07:55.535Z",
"published": "2025-09-04T17:48:40.428Z",
"references": [
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512"
}
],
"schema_version": "1.6.2",
"summary": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
GHSA-C6W8-7MP3-34J9
Vulnerability from github – Published: 2022-10-18 21:46 – Updated: 2024-04-22 18:51
VLAI?
Summary
.NET Remote Code Execution Vulnerability
Details
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double Parse routine.
Patches
- Any .NET 6.0 application running on .NET 6.0.2 or lower
- Any .NET 5.0 application running on .NET 5.0.14 or lower
- Any .NET Core 3.1 application running on .NET Core 3.1.22 or lower
To fix the issue, please install the latest version of .NET 6.0, .NET 5.0, or .NET Core 3.1. If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs.
- If you're using .NET 6.0, you should download and install Runtime 6.0.3 or SDK 6.0.103 (for Visual Studio 2019 v17.0) or SDK 6.0.201 (for Visual Studio 2019 V17.1) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
- If you're using .NET 5.0, you should download and install Runtime 5.0.15 or SDK 5.0.406 (for Visual Studio 2019 v16.11) or SDK 5.0.212 (for Visual Studio 2019 V16.9) from https://dotnet.microsoft.com/download/dotnet-core/5.0.
- If you're using .NET Core 3.1, you should download and install Runtime 3.1.23 or SDK 3.1.417 (for Visual Studio 2019 v16.7) from https://dotnet.microsoft.com/download/dotnet-core/3.1. .NET 6.0, .NET 5.0, and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type "Check for updates" in your Windows search, or open Settings, choose Update & Security and then click Check for Updates.
Other Details
- Announcement for this issue can be found at dotnet/announcements#213
- An Issue for this can be found at https://github.com/dotnet/runtime/issues/66348
- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512
Severity ?
6.3 (Medium)
{
"affected": [
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "3.0.0"
},
{
"fixed": "3.1.23"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "5.0.0"
},
{
"fixed": "5.0.15"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.Mono.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.osx-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-arm64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x64"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "NuGet",
"name": "Microsoft.NETCore.App.Runtime.win-x86"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-24512"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": true,
"github_reviewed_at": "2022-10-18T21:46:08Z",
"nvd_published_at": "2022-03-09T17:15:00Z",
"severity": "MODERATE"
},
"details": "Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\nA Remote Code Execution vulnerability exists in .NET 6.0, .NET 5.0, and .NET Core 3.1 where a stack buffer overrun occurs in .NET Double Parse routine.\n\n### Patches\n* Any .NET 6.0 application running on .NET 6.0.2 or lower\n* Any .NET 5.0 application running on .NET 5.0.14 or lower\n* Any .NET Core 3.1 application running on .NET Core 3.1.22 or lower\n\nTo fix the issue, please install the latest version of .NET 6.0, .NET 5.0, or .NET Core 3.1. If you have installed one or more .NET Core SDKs through Visual Studio, Visual Studio will prompt you to update Visual Studio, which will also update your .NET Core SDKs.\n\n* If you\u0027re using .NET 6.0, you should download and install Runtime 6.0.3 or SDK 6.0.103 (for Visual Studio 2019 v17.0) or SDK 6.0.201 (for Visual Studio 2019 V17.1) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n* If you\u0027re using .NET 5.0, you should download and install Runtime 5.0.15 or SDK 5.0.406 (for Visual Studio 2019 v16.11) or SDK 5.0.212 (for Visual Studio 2019 V16.9) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n* If you\u0027re using .NET Core 3.1, you should download and install Runtime 3.1.23 or SDK 3.1.417 (for Visual Studio 2019 v16.7) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n.NET 6.0, .NET 5.0, and .NET Core 3.1 updates are also available from Microsoft Update. To access this either type \"Check for updates\" in your Windows search, or open Settings, choose Update \u0026 Security and then click Check for Updates.\n\n### Other Details\n\n- Announcement for this issue can be found at dotnet/announcements#213\n- An Issue for this can be found at https://github.com/dotnet/runtime/issues/66348\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512",
"id": "GHSA-c6w8-7mp3-34j9",
"modified": "2024-04-22T18:51:00Z",
"published": "2022-10-18T21:46:08Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/dotnet/runtime/security/advisories/GHSA-c6w8-7mp3-34j9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-24512"
},
{
"type": "WEB",
"url": "https://github.com/dotnet/announcements/issues/213"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CIJGCVKLHVNLFBTEYJGWS43QG5DYJFBL"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRGSPXMZY4RM2L35FYHCXBFROLC23B2V"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OS2Q4NPRSARP7GHLKFLIYHFOPSYDO6MK"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-24512"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-24512"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
}
],
"summary": ".NET Remote Code Execution Vulnerability"
}
CVE-2022-24512
Vulnerability from fstec - Published: 10.05.2022
VLAI Severity ?
Title
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET Framework, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость средства разработки программного обеспечения Microsoft Visual Studio и программной платформы Microsoft.NET Framework связана с копированием буфера без проверки размера входных данных. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, выполнить произвольный код
Severity ?
Vendor
Microsoft Corp, IBM Corp.
Software Name
.NET Core, PowerShell, Microsoft Visual Studio 2019, Microsoft .NET Framework 5.0, Microsoft Visual Studio 2022, Microsoft .NET Framework 6.0, IBM Robotic Process Automation
Software Version
3.1 (.NET Core), 7.0 (PowerShell), от 16.0 до 16.6 включительно (Microsoft Visual Studio 2019), от 16.0 до 16.8 включительно (Microsoft Visual Studio 2019), - (Microsoft .NET Framework 5.0), 17.0 (Microsoft Visual Studio 2022), 7.2 (PowerShell), 7.1 (PowerShell), - (Microsoft .NET Framework 6.0), от 16.0 до 16.10 включительно (Microsoft Visual Studio 2019), до 21.0.2.3 (IBM Robotic Process Automation)
Possible Mitigations
Использование рекомендаций:
Для программных продуктов Microsoft Corp.:
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512
Для программных продуктов IBM Corp.:
http://www.ibm.com/support/pages/node/6614449
Reference
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512
http://www.ibm.com/support/pages/node/6614449
CWE
CWE-120
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "TO708, TO712, TO714, TO716",
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": "TO708 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.30, TO712 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.7.27, TO714 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.9.26, TO716 \u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 Visual Studio 2019 16.11.21",
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Microsoft Corp, IBM Corp.",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "3.1 (.NET Core), 7.0 (PowerShell), \u043e\u0442 16.0 \u0434\u043e 16.6 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), \u043e\u0442 16.0 \u0434\u043e 16.8 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), - (Microsoft .NET Framework 5.0), 17.0 (Microsoft Visual Studio 2022), 7.2 (PowerShell), 7.1 (PowerShell), - (Microsoft .NET Framework 6.0), \u043e\u0442 16.0 \u0434\u043e 16.10 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Microsoft Visual Studio 2019), \u0434\u043e 21.0.2.3 (IBM Robotic Process Automation)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Microsoft Corp.:\nhttps://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 IBM Corp.:\nhttp://www.ibm.com/support/pages/node/6614449",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "10.05.2022",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "31.07.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "05.09.2022",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-05516",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2022-24512",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": ".NET Core, PowerShell, Microsoft Visual Studio 2019, Microsoft .NET Framework 5.0, Microsoft Visual Studio 2022, Microsoft .NET Framework 6.0, IBM Robotic Process Automation",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft.NET Framework, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445 (\u043a\u043b\u0430\u0441\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0435 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430) (CWE-120)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u043a\u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Microsoft Visual Studio \u0438 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b Microsoft.NET Framework \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0431\u0435\u0437 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 \u0440\u0430\u0437\u043c\u0435\u0440\u0430 \u0432\u0445\u043e\u0434\u043d\u044b\u0445 \u0434\u0430\u043d\u043d\u044b\u0445. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u043e\u043a\u0430\u043c\u0438 \u0438 \u0441\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435\u043c",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-24512\nhttp://www.ibm.com/support/pages/node/6614449",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-120",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 6,3)"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…