An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities. NuGet is a Microsoft-supported mechanism for the .NET platform and functions as a package manager designed to enable developers to share reusable code. The researchers established that more than 50,000 software components extracted from NuGet packages were linked to a vulnerable version of the “zlib” data compression library, putting them at risk from several known security issues.
Source: https://thehackernews.com/2021/07/dozens-of-vulnerable-nuget-packages.html