GHSA-x5qj-9vmx-7g6g · Severity: medium · Ecosystem: nuget — Improper Input Validation in .Net Framework API's
A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's, aka '.NET Framework and Visual Studio Spoofing Vulnerability'.
Conclusion & alert: CVE-2019-0657 is rated Moderate Risk (51.7/100): CVSS Medium severity, with high exploitation likelihood (EPSS 4.52%, 90th percentile). Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 8.02% | 4.52% | -3.50% |
| 2 | 2026-02-28 | 4.80% | 8.02% | +3.21% |
| 3 | 2026-02-04 | — | 4.80% | — |
Full EPSS history (26 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 5.9 | 3.0 | MEDIUM |
|
2.2 | 3.6 | [email protected] |
| 4.3 | 2.0 | MEDIUM |
|
8.6 | 2.9 | [email protected] |
GHSA-x5qj-9vmx-7g6g · Severity: medium · Ecosystem: nuget — Improper Input Validation in .Net Framework API's
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2019-0657 |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| microsoft | .net_core | 1.0 | cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:* |
| microsoft | .net_core | 2.1 | cpe:2.3:a:microsoft:.net_core:2.1:*:*:*:*:*:*:* |
| microsoft | .net_core | 2.2 | cpe:2.3:a:microsoft:.net_core:2.2:*:*:*:*:*:*:* |
| microsoft | powershell_core | 6.0 | cpe:2.3:a:microsoft:powershell_core:6.0:*:*:*:*:*:*:* |
| microsoft | powershell_core | 6.1 | cpe:2.3:a:microsoft:powershell_core:6.1:*:*:*:*:*:*:* |
| microsoft | visual_studio_2017 | — | cpe:2.3:a:microsoft:visual_studio_2017:-:*:*:*:*:*:*:* |
| microsoft | visual_studio_2017 | 15.9 | cpe:2.3:a:microsoft:visual_studio_2017:15.9:*:*:*:*:*:*:* |
| microsoft | .net_framework | 2.0 | cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:* |
| microsoft | .net_framework | 3.0 | cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:* |
| microsoft | .net_framework | 3.5 | cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:* |
| microsoft | .net_framework | 3.5.1 | cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.5.2 | cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.6 | cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.6.2 | cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.7 | cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.7.1 | cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.7.2 | cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:* |
| microsoft | .net_framework | 4.6.1 | cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/106890 | Third Party Advisory VDB Entry |
| https://access.redhat.com/errata/RHSA-2019:0349 | Third Party Advisory |
| https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0657 | Patch Vendor Advisory |