GHSA-g5vf-38cp-4px9
GitHub Security Advisory
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
✓ GitHub Reviewed
HIGH
Has CVE
Advisory Details
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
Affected Packages
NuGet
Microsoft.NETCore.App
Affected versions:
2.1.0
(fixed in 2.1.20)
NuGet
Microsoft.NETCore.App.Runtime.linux-arm
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.linux-arm64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.linux-musl-arm64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.linux-musl-x64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.linux-x64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.osx-x64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.rhel.6-x64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.win-arm
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.win-arm64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.win-x64
Affected versions:
3.1.0
(fixed in 3.1.6)
NuGet
Microsoft.NETCore.App.Runtime.win-x86
Affected versions:
3.1.0
(fixed in 3.1.6)
Related CVEs
Key Information
7.5
/10
Dataset
Last updated: July 28, 2025 6:37 AM
Data from GitHub Advisory Database. This information is provided for research and educational purposes.