{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:41:56.579","vulnerabilities":[{"cve":{"id":"CVE-2019-1354","sourceIdentifier":"secure@microsoft.com","published":"2020-01-24T21:15:12.987","lastModified":"2024-11-21T04:36:32.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"A remote code execution vulnerability exists when Git for Visual Studio improperly sanitizes input, aka 'Git for Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387."},{"lang":"es","value":"Se presenta una vulnerabilidad de ejecución de código remota cuando Git para Visual Studio sanea inapropiadamente la entrada, también se conoce como \"Git for Visual Studio Remote Code Execution Vulnerability\". Este ID de CVE es diferente de CVE-2019-1349, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-20"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*","versionStartIncluding":"15.0","versionEndExcluding":"15.9.18","matchCriteriaId":"10449533-62C1-48C0-83DA-DE23AB348D78"},{"vulnerable":true,"criteria":"cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*","versionStartIncluding":"16.0","versionEndExcluding":"16.4.1","matchCriteriaId":"82C0D6F5-7300-418C-8024-24741B226036"}]}]}],"references":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html","source":"secure@microsoft.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","source":"secure@microsoft.com"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354","source":"secure@microsoft.com","tags":["Patch","Vendor Advisory"]},{"url":"https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/","source":"secure@microsoft.com"},{"url":"https://security.gentoo.org/glsa/202003-30","source":"secure@microsoft.com"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00056.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00003.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1354","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"https://public-inbox.org/git/xmqqr21cqcn9.fsf%40gitster-ct.c.googlers.com/","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://security.gentoo.org/glsa/202003-30","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}