CVE-2024-47604

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-47604
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/NuGet/NuGetGallery/commit/3a18689dd0de856e03d081af999783f0e6e7ca70
https://github.com/NuGet/NuGetGallery/pull/10193
https://github.com/NuGet/NuGetGallery/security/advisories/GHSA-hq63-27r7-2j64
Configurations

No configuration.

History

04 Oct 2024, 13:51

Type Values Removed Values Added
Summary
  • (es) NuGet Gallery es un repositorio de paquetes que alimenta a nuget.org. NuGetGallery tiene una vulnerabilidad de seguridad en su manejo de atributos de elementos HTML, lo que permite a un atacante ejecutar código HTML o Javascript arbitrario en el navegador de la víctima.

01 Oct 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-01 16:15

Updated : 2024-10-04 13:51

NVD link : CVE-2024-47604

Mitre link : CVE-2024-47604

CVE.ORG link : CVE-2024-47604

JSON object : View

Products Affected

No product.

CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')