XSS in Nuget Nugetgallery
CVE-2024-54138
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.008 (73.5th percentile)
Affected products
- Nuget Nugetgallery — versions < 2024.12.06
Weakness classification (CWE)
References
- https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-x448-p234-x5p8 (x_refsource_CONFIRM)
- https://github.com/NuGet/NuGetGallery/pull/10296 (x_refsource_MISC)