CVE-2024-47604

Source
https://cve.org/CVERecord?id=CVE-2024-47604
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47604.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47604
Aliases
  • GHSA-hq63-27r7-2j64
Published
2024-10-01T15:26:18.383Z
Modified
2025-12-05T06:33:33.033217Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Summary
XSS vulnerability in NuGetGallery HTML attributes handling
Details

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or JavaScript code in a victim's browser.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47604.json"
}
References

Affected packages

Git / github.com/nuget/nugetgallery

Affected ranges

Type
GIT
Repo
https://github.com/nuget/nugetgallery
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

3.*
3.0.269-r-develop-octov3-1-ApiApps
3.0.393-r-master
3.0.434-r4-master-NuGet
3.0.474-r-master-NuGet
3.0.490-r-master-NuGet
3.0.501-r-master-NuGet
3.0.506-r-master-NuGet
3.0.507-r-master-NuGet
3.0.510-r-master-NuGet
3.0.514-r-master-NuGet
3.0.524-r-master-NuGet
3.0.525-r-master-NuGet
3.0.540-r-master-NuGet
3.0.543-r-master-NuGet
3.0.554-r-master-NuGet
3.0.570-r-master-NuGet
3.0.576-r-master-NuGet
3.0.578-r-master-NuGet
3.0.601-r-master-ApiApps
3.0.606-r-master-ApiApps
3.0.608-r-master-ApiApps
3.0.610-r-master-ApiApps
3.0.621-r-master-ApiApps
3.0.623-r-master
3.0.624-r-master
Other
iters/3/qa
iters/4/start
iters/5/prod
iters/5/qa
iters/6/qa
iters/6/start
iters/7/start
iters/8/dev
iters/zold/2012Dec03@1624
iters/zold/2012Dec12@1645
iters/zold/2012Jun04@0000
iters/zold/2013Apr11
iters/zold/2013Apr25
iters/zold/2013Jan22@1653
iters/zold/2013Jul19
iters/zold/2013Mar06@1412
iters/zold/2013Mar28@1638
iters/zold/Dec03@1624
iters/zold/Dec12@1645
iters/zold/Jan22@1653
iters/zold/1.*
iters/zold/1.8
iters/zold/2.*
iters/zold/2.0
v2016.*
v2016.10
v2016.12
v2017.*
v2017.01
v2017.01.17
v2017.01.27
v2017.01.30
v2017.02.24
v2017.03.22
v2017.03.27
v2017.04.28
v2017.06.14
v2017.08.14
v2017.09.01
v2017.10.19
v2017.10.31
v2017.11.27
v2018.*
v2018.01.08
v2018.01.29
v2018.02.22
v2018.03.12
v2018.04.05
v2018.04.25
v2018.05.08
v2018.05.21
v2018.07.16
v2018.08.01
v2018.08.08
v2018.08.20
v2018.09.25
v2018.10.20
v2018.11.05
v2018.11.06
v2018.11.12
v2018.12.12
v2019.*
v2019.01.14
v2019.06.24
v2020.*
v2020.06.09
v2021.*
v2021.04.08
v2022.*
v2022.10.19
v2023.*
v2023.02.27
v2023.04.25
v2024.*
v2024.05.28

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47604.json"