Jondouglas

**Name of the Vulnerable Software and Affected Versions** NuGet Gallery versions prior to 2024.05.28 **Description** The NuGet Gallery has a security issue related to its handling of autolinks in Markdown content. It does not adequately sanitize autolinks, allowing attackers to exploit them as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink, the link is rendered without proper sanitization, enabling the execution of JavaScript code within the autolink by the browser. **Recommendations** For versions prior to 2024.05.28, update to version 2024.05.28 to resolve the issue. As a temporary workaround, consider disabling the rendering of Markdown autolinks until the patch is applied. Restrict access to user-inputted Markdown content to minimize the risk of exploitation. Avoid using JavaScript code within Markdown autolinks in the affected NuGet Gallery versions until the issue is resolved.