Home > Vulnerability Database > CVE-2024-54138

Mend.io Vulnerability Database

CVE-2024-54138

Date: December 6, 2024

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. This vulnerability is fixed in 2024.12.06.

Language: C#

Severity Score

6.1

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-54138

Url: https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-x448-p234-x5p8

Url: https://github.com/NuGet/NuGetGallery/pull/10296

Url: https://www.mend.io/vulnerability-database/CVE-2024-54138

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-54138

Date: December 6, 2024

Language: C#

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?