Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.
CVSS Score
6.5
EPSS Score
0.001
Published
2018-09-26
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
CVSS Score
7.5
EPSS Score
0.002
Published
2017-09-30