Microsoft Nugetgallery vulnerabilities
4 known vulnerabilities affecting microsoft/nugetgallery.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2024-47604 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | ≥ 2024.06.21, < 2024.09.25 | 2024-10-01
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser.
nvd
CVE-2024-37304 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2024.05.28 | 2024-06-12
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cro
nvd
CVE-2024-54138 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 2024.12.06 | 2024-12-06
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cro
nvd
CVE-2020-1340 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 2020.06.09 | vunspecified | 2020-06-09
A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'.
nvd