Edward Thomson

**Name of the Vulnerable Software and Affected Versions** - NuGet versions 6.3.0 and earlier - NuGet versions 6.2.1 and earlier - NuGet versions 6.0.2 and earlier - NuGet versions 5.11.2 and earlier - NuGet versions 5.9.2 and earlier - NuGet versions 5.7.2 and earlier - NuGet versions 4.9.5 and earlier - .NET 6.0 versions prior to 6.0.10 - .NET Core 3.1 versions prior to 3.1.30 **Description** A vulnerability exists in .NET and NuGet clients where a malicious actor could cause a user to execute arbitrary code. This issue is related to insufficient access control. **Recommendations** - If you're using NuGet.exe 6.3.0 or lower, download and install 6.3.1. - If you're using NuGet.exe 6.2.1 or lower, download and install 6.2.2. - If you're using NuGet.exe 6.0.2 or lower, download and install 6.0.3. - If you're using NuGet.exe 5.11.2 or lower, download and install 5.11.3. - If you're using NuGet.exe 5.9.2 or lower, download and install 5.9.3. - If you're using NuGet.exe 5.7.2 or lower, download and install 5.7.3. - If you're using NuGet.exe 4.9.5 or lower, download and install 4.9.6. - If you're using .NET Core 6.0, download and install Runtime 6.0.10 or SDK 6.0.110. - If you're using .NET Core 3.1, download and install Runtime 3.1.30 or SDK 3.1.424.