CVE-2024-47604

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-47604

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47604.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-47604

Aliases

GHSA-hq63-27r7-2j64

Published

2024-10-01T16:15:10Z

Modified

2024-11-14T01:55:37.529393Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser.

References

Affected packages

Git / github.com/nuget/nugetgallery

Affected ranges

Type: GIT
Repo: https://github.com/nuget/nugetgallery
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3a18689dd0de856e03d081af999783f0e6e7ca70

Affected versions

3.*

3.0.269-r-develop-octov3-1-ApiApps

3.0.393-r-master

3.0.434-r4-master-NuGet

3.0.474-r-master-NuGet

3.0.490-r-master-NuGet

3.0.501-r-master-NuGet

3.0.506-r-master-NuGet

3.0.507-r-master-NuGet

3.0.510-r-master-NuGet

3.0.514-r-master-NuGet

3.0.524-r-master-NuGet

3.0.525-r-master-NuGet

3.0.540-r-master-NuGet

3.0.543-r-master-NuGet

3.0.554-r-master-NuGet

3.0.570-r-master-NuGet

3.0.576-r-master-NuGet

3.0.578-r-master-NuGet

3.0.601-r-master-ApiApps

3.0.606-r-master-ApiApps

3.0.608-r-master-ApiApps

3.0.610-r-master-ApiApps

3.0.621-r-master-ApiApps

3.0.623-r-master

3.0.624-r-master

Other

iters/3/qa

iters/4/start

iters/5/prod

iters/5/qa

iters/6/qa

iters/6/start

iters/7/start

iters/8/dev

iters/zold/2012Dec03@1624

iters/zold/2012Dec12@1645

iters/zold/2012Jun04@0000

iters/zold/2013Apr11

iters/zold/2013Apr25

iters/zold/2013Jan22@1653

iters/zold/2013Jul19

iters/zold/2013Mar06@1412

iters/zold/2013Mar28@1638

iters/zold/Dec03@1624

iters/zold/Dec12@1645

iters/zold/Jan22@1653

iters/zold/1.*

iters/zold/1.8

iters/zold/2.*

iters/zold/2.0

v2016.*

v2016.10

v2016.12

v2017.*

v2017.01

v2017.01.17

v2017.01.27

v2017.01.30

v2017.02.24

v2017.03.22

v2017.03.27

v2017.04.28

v2017.06.14

v2017.08.14

v2017.09.01

v2017.10.19

v2017.10.31

v2017.11.27

v2018.*

v2018.01.08

v2018.01.29

v2018.02.22

v2018.03.12

v2018.04.05

v2018.04.25

v2018.05.08

v2018.05.21

v2018.07.16

v2018.08.01

v2018.08.08

v2018.08.20

v2018.09.25

v2018.10.20

v2018.11.05

v2018.11.06

v2018.11.12

v2018.12.12

v2019.*

v2019.01.14

v2019.06.24

v2020.*

v2020.06.09

v2021.*

v2021.04.08

v2022.*

v2022.10.19

v2023.*

v2023.02.27

v2023.04.25

v2024.*

v2024.05.28