A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka ‘NuGetGallery Spoofing Vulnerability’.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1340
Reference (s):
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1340