CVE-2024-54138: XSS Vulnerability in NuGetGallery's Markdown Autolinks Processing
First published: Fri Dec 06 2024(Updated: )
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. This vulnerability is fixed in 2024.12.06.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NuGet Gallery | <2024.12.06 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-54138?
CVE-2024-54138 is considered a moderate severity vulnerability due to its impact on the handling of autolinks in Markdown content.
How do I fix CVE-2024-54138?
To fix CVE-2024-54138, update your NuGet Gallery to version 2024.12.06 or later.
What type of vulnerability is CVE-2024-54138?
CVE-2024-54138 is a security vulnerability related to improper sanitization of autolinks in Markdown content.
Which versions of NuGet Gallery are affected by CVE-2024-54138?
CVE-2024-54138 affects all versions of NuGet Gallery prior to 2024.12.06.
Is there a public advisory for CVE-2024-54138?
Yes, a public advisory regarding CVE-2024-54138 is available on the NuGet GitHub repository.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/first-publish-date
- agent/type
- collector/nvd-api
- source/NVD
- agent/severity
- agent/author
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/nuget gallery