GHSA-jcmq-5rrv-j2g4: 
C# vulnerability analysis and mitigation

A remote code execution vulnerability (GHSA-jcmq-5rrv-j2g4/CVE-2020-0605) was discovered in PowerShell and .NET Framework, affecting PowerShell versions prior to 7.0.0-RC.2. The vulnerability was published on May 14, 2020, and stems from the software's failure to properly check the source markup of files. This security issue affects PowerShell Core versions prior to 7.0.0, while version 6.2 was noted as not affected (GitHub Advisory).

The vulnerability has been assigned a High severity rating with a CVSS score of 8.8. The CVSS metrics indicate a Network attack vector, Low attack complexity, No privileges required, and Required user interaction. The vulnerability maintains an Unchanged scope with High impact ratings for Confidentiality, Integrity, and Availability (GitHub Advisory).

If successfully exploited, the vulnerability allows attackers to execute arbitrary code in the context of the current user. For users with administrative rights, this could lead to complete system compromise, enabling attackers to install programs, modify or delete data, and create new accounts with full user rights. Users with limited system privileges may experience less severe impacts (GitHub Advisory).

The vulnerability was addressed in PowerShell 7.0.0 by correcting how .NET Framework checks the source markup of files. Users are advised to upgrade to the patched version by following the PowerShell installation instructions. While downgrading to a previous version is possible as a temporary measure, it's recommended to update scripts or modules to work with the patched version (GitHub Advisory).