CVE-2022-30184
medium
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
5.5
Description
RHSA-2022:5061: .NET Core 3.1 security and bugfix update (Moderate)
Predictions
Exploit likelihood
20%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Red Hat Fixed 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 9 | Fixed | โ |
| 8 | Fixed | โ |
Rocky Linux Fixed 1 release
| Version | Status | Fixed in |
|---|---|---|
| 8 | Fixed | โ |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| NuGet | NuGet.Commands | >=3.5.0,<4.9.5 | 4.9.5 |
| NuGet | NuGet.CommandLine | >=3.5.0,<4.9.5 | 4.9.5 |
| NuGet | NuGet.CommandLine.XPlat | >=3.5.0,<4.9.5 | 4.9.5 |
| NuGet | NuGet.Commands | >=5.0.0,<5.2.1 | 5.2.1 |
| NuGet | NuGet.Commands | >=5.3.0,<5.7.2 | 5.7.2 |
| NuGet | NuGet.Commands | >=5.8.0,<5.9.2 | 5.9.2 |
| NuGet | NuGet.Commands | >=5.10.0,<5.11.2 | 5.11.2 |
| NuGet | NuGet.Commands | >=6.0.0,<6.0.2 | 6.0.2 |
| NuGet | NuGet.Commands | >=6.1.0,<6.2.1 | 6.2.1 |
| NuGet | NuGet.CommandLine | >=5.0.0,<5.2.1 | 5.2.1 |
| NuGet | NuGet.CommandLine | >=5.3.0,<5.7.2 | 5.7.2 |
| NuGet | NuGet.CommandLine | >=5.8.0,<5.9.2 | 5.9.2 |
| NuGet | NuGet.CommandLine | >=5.10.0,<5.11.2 | 5.11.2 |
| NuGet | NuGet.CommandLine | >=6.0.0,<6.0.2 | 6.0.2 |
| NuGet | NuGet.CommandLine | >=6.1.0,<6.2.1 | 6.2.1 |
| NuGet | NuGet.CommandLine.XPlat | >=5.0.0,<5.2.1 | 5.2.1 |
| NuGet | NuGet.CommandLine.XPlat | >=5.3.0,<5.7.2 | 5.7.2 |
| NuGet | NuGet.CommandLine.XPlat | >=5.8.0,<5.9.2 | 5.9.2 |
| NuGet | NuGet.CommandLine.XPlat | >=5.10.0,<5.11.2 | 5.11.2 |
| NuGet | NuGet.CommandLine.XPlat | >=6.0.0,<6.0.2 | 6.0.2 |
| NuGet | NuGet.CommandLine.XPlat | >=6.1.0,<6.2.1 | 6.2.1 |
References
- https://access.redhat.com/errata/RHSA-2022:5050
- https://errata.rockylinux.org/RLSA-2022:5061
- https://errata.rockylinux.org/RLSA-2022:5046
- https://github.com/NuGet/NuGet.Client/security/advisories/GHSA-3885-8gqc-3wpf
- https://nvd.nist.gov/vuln/detail/CVE-2022-30184
- https://github.com/NuGet/Home/issues/11883#issuecomment-1156194755
- https://github.com/NuGet/NuGet.Client/commit/ec6e62a645ec6b53a8784bf4571cac7786fd700b#diff-9e678e6dcc29381eb7c564f0e75ffc3ffc35458eca412c35b6404340b698d074R58-R65
- https://github.com/NuGet/NuGet.Client
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DMP34G53EA2DBTBLFOAQCDZRRENE2EA2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XWNH4AC3LFVX35MDRX5OBZDGD2AMH66K
- https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30184
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-30184
- https://access.redhat.com/errata/RHSA-2022:5046
- https://access.redhat.com/errata/RHSA-2022:5061
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.