A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0605.

Affected Packages

NuGet Microsoft.WindowsDesktop.App.Ref

Affected versions: 3.0.1 (fixed in 3.0.2)

NuGet Microsoft.WindowsDesktop.App.Ref

Affected versions: 3.1.0 (fixed in 3.1.1)

NuGet Microsoft.WindowsDesktop.App.Runtime.win-x86

Affected versions: 3.0.0 (fixed in 3.0.2)

NuGet Microsoft.WindowsDesktop.App.Runtime.win-x86

Affected versions: 3.1.0 (fixed in 3.1.11)

NuGet Microsoft.WindowsDesktop.App.Runtime.win-x64

Affected versions: 3.0.0 (fixed in 3.0.2)

NuGet Microsoft.WindowsDesktop.App.Runtime.win-x64

Affected versions: 3.1.0 (fixed in 3.1.11)

Related CVEs

CVE-2020-0606

Key Information

GHSA ID

GHSA-r4mw-gxf7-vxr9

Published

May 24, 2022 5:06 PM

Last Modified

July 28, 2022 10:08 PM

CVSS Score

7.5 /10

Primary Ecosystem

NuGet

Primary Package

Microsoft.WindowsDesktop.App.Ref

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.