Microsoft Package Manager Configurations — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Package Manager Configurations, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2020-36327 — CVSS 8.8 (high): Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which…
CVE-2021-24105 — CVSS 8.4 (high): <p>Depending on configuration of various package managers it is possible for an attacker to insert a malicious package into a package…