Templates containing actions in unquoted HTML attributes (e.g. “attr={{.}}”) executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-community | noarch | go | < 1.20.4-r0 | UNKNOWN |
Alpine | 3.17-community | noarch | go | < 1.19.9-r0 | UNKNOWN |
Alpine | 3.18-community | noarch | go | < 1.20.4-r0 | UNKNOWN |
Alpine | 3.19-community | noarch | go | < 1.20.4-r0 | UNKNOWN |