| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| NuGet.Commands | nuget | >= 5.0.0, < 5.0.2 | 5.0.2 |

The vulnerability stems from improper permission handling when the intermediate build folder (`obj`) is created. The GitHub issue (#7908) and commit e32a2ea show that the fix replaced `DirectoryUtility.CreateSharedDirectory` with `Directory.CreateDirectory` in `NoOpRestoreUtilities`. This aligns with CWE-732, as the original method likely applied overly permissive permissions. The custom `CreateSharedDirectory` method was designed for shared temporary directories but was misapplied here, creating a security boundary violation for the `obj` folder.
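
To check whether `obj` folders left behind by an affected version are still too open, the following audit walks a source tree and reports them. It is an added example, not NuGet code or part of the advisory; the function names are hypothetical, and it assumes a POSIX filesystem where "overly permissive" means writable by group or other.

```python
import os
import stat

# Assumption: "overly permissive" = writable by group or other (POSIX mode bits).
WRITABLE_BY_OTHERS = stat.S_IWGRP | stat.S_IWOTH


def find_permissive_obj_dirs(root, name="obj"):
    """Return sorted (path, octal mode) pairs for directories called `name`
    that group or other can write to. Symlinks are not followed."""
    findings = []
    for dirpath, dirnames, _files in os.walk(root, followlinks=False):
        for d in dirnames:
            if d != name:
                continue
            path = os.path.join(dirpath, d)
            st = os.lstat(path)  # lstat: a symlink named "obj" is skipped
            if stat.S_ISDIR(st.st_mode) and st.st_mode & WRITABLE_BY_OTHERS:
                findings.append((path, oct(stat.S_IMODE(st.st_mode))))
    return sorted(findings)


def tighten(path):
    """Clear the group/other write bits, keep all other bits; return new mode."""
    mode = stat.S_IMODE(os.lstat(path).st_mode)
    new_mode = mode & ~WRITABLE_BY_OTHERS
    os.chmod(path, new_mode)
    return oct(new_mode)


if __name__ == "__main__":
    import sys

    # Usage: python audit_obj.py /path/to/source/tree
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mode in find_permissive_obj_dirs(root):
        print(f"{mode}  {path}")
```

The audit inspects only the directory itself; files already written inside a flagged `obj` folder should be regenerated with a patched version rather than trusted.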