PT-2024-36066 · Microsoft · Nuget Gallery

Lyndaidaii · Published 2024-12-06 · Updated 2025-09-05 · CVE-2024-54138

CVSS v4.0: 6.9 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: NuGet Gallery versions prior to 2024.12.06
Description: The NuGet Gallery has a security issue in its handling of autolinks in Markdown content. Although the platform properly filters JavaScript URLs out of standard Markdown links, it does not apply the same sanitization to autolinks. This oversight allows attackers to use autolinks as a vector for Cross-Site Scripting (XSS) attacks.
Recommendations: For versions prior to 2024.12.06, update to a version released on or after 2024.12.06 to resolve the issue. As a temporary workaround, consider disabling the handling of autolinks in Markdown content until a patch is available, and restrict access to Markdown content containing autolinks to minimize the risk of exploitation.
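As an added example (not NuGet Gallery's own code or fix), this is the check a Markdown renderer should apply to close the gap described above: one URL-scheme allowlist enforced on both inline links and autolinks, with ASCII control characters stripped before the scheme is compared. The allowlist, the regular expressions and the way rejected links are rendered are assumptions of this example.

```python
import re

# Schemes a link destination may use. This is an assumed allowlist for the
# example, not NuGet Gallery's own policy.
ALLOWED_SCHEMES = {"http", "https", "mailto"}

# CommonMark autolink: <scheme:rest>, scheme of 2-32 chars, no whitespace or '<' '>' inside.
AUTOLINK_RE = re.compile(r"<([A-Za-z][A-Za-z0-9+.\-]{1,31}:[^\s<>]*)>")
# Inline link: [text](destination), destination without whitespace or parentheses.
INLINE_LINK_RE = re.compile(r"\[([^\]]*)\]\(([^\s()]+)\)")


def scheme_of(url: str):
    """Return the lower-cased scheme of url, or None if it has none.

    Browsers ignore ASCII control characters when parsing a scheme, so they
    are stripped first; comparing the raw string would let them slip through.
    """
    cleaned = "".join(ch for ch in url if ord(ch) > 0x20 and ord(ch) != 0x7F)
    if ":" not in cleaned:
        return None
    return cleaned.split(":", 1)[0].lower()


def url_allowed(url: str) -> bool:
    return scheme_of(url) in ALLOWED_SCHEMES


def sanitize_markdown(text: str):
    """Apply the same scheme allowlist to autolinks and inline links.

    Returns (sanitized_markdown, rejected_destinations). A rejected autolink
    is rendered as backslash-escaped literal text; a rejected inline link
    keeps only its link text.
    """
    rejected = []

    def on_autolink(m):
        url = m.group(1)
        if url_allowed(url):
            return m.group(0)
        rejected.append(url)
        return "\\<" + url + "\\>"

    def on_inline(m):
        label, url = m.group(1), m.group(2)
        if url_allowed(url):
            return m.group(0)
        rejected.append(url)
        return label

    out = AUTOLINK_RE.sub(on_autolink, text)
    out = INLINE_LINK_RE.sub(on_inline, out)
    return out, rejected
```

Scheme-less (relative) destinations are rejected here for simplicity; a production renderer would allow them explicitly and decode entities in the destination before the scheme check, since Markdown parsers decode them too.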

XSS

Related Identifiers

CVE-2024-54138
GHSA-X448-P234-X5P8

Affected Products

Nuget Gallery