Vulnerabilities > Microsoft > Package Manager Configurations > High

DATE CVE VULNERABILITY TITLE RISK
2021-04-29 CVE-2020-36327 Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application.
network
low complexity
bundler fedoraproject microsoft
8.8
2021-02-25 CVE-2021-24105 Unspecified vulnerability in Microsoft Package Manager Configurations
Depending on the configuration of various package managers, it is possible for an attacker to insert a malicious package into a package manager's repository which can be retrieved and used during development, build, and release processes.
local
low complexity
microsoft
8.4