Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set “\t\n\f\r\u0020\u2028\u2029” in JavaScript contexts that also contain actions may not be properly sanitized during execution.

CPENameOperatorVersion
golanglt1.19.9
golangge1.20.0
golanglt1.20.4

Name	Operator	Version
golang	lt	1.19.9
golang	ge	1.20.0
golang	lt	1.20.4

References

go.dev/cl/491616

go.dev/issue/59721

groups.google.com/g/golang-announce/c/MEb0UyuSMsU

pkg.go.dev/vuln/GO-2023-1752

nessus 68

almalinux 9

redhatcve 1

osv 12

wolfi 1

ubuntucve 1

debiancve 1

alpinelinux 1

cve 1

cgr 1

oraclelinux 8

prion 1

rocky 1

ibm 22

cvelist 1

redhat 41

cbl_mariner 2

veracode 1

mageia 1

amazon 5

openvas 10

f5 1

altlinux 1

photon 5

freebsd 1

ubuntu 1

redos 1

nessus

AlmaLinux 8 : go-toolset:rhel8 (ALSA-2023:3319)

2023-05-26 00:00:00

AlmaLinux 9 : go-toolset and golang (ALSA-2023:3318)

2023-05-25 00:00:00

Rocky Linux 8 : go-toolset:Rocky Linux8 (RLSA-2023:3319)

2023-05-25 00:00:00

almalinux

Important: go-toolset and golang security update

2023-05-25 00:00:00

Important: go-toolset:rhel8 security update

2023-05-25 00:00:00

Moderate: toolbox security and bug fix update

2023-11-07 00:00:00

redhatcve

CVE-2023-24540

2023-05-08 09:52:44

osv

CVE-2023-24540

2023-05-11 16:15:09

Important: go-toolset:rhel8 security update

2023-05-25 00:00:00

Important: go-toolset and golang security update

2023-05-25 00:00:00

wolfi

CVE-2023-24540 vulnerabilities

2024-05-17 16:29:45

ubuntucve

CVE-2023-24540

2023-05-11 00:00:00

debiancve

CVE-2023-24540

2023-05-11 16:15:09

alpinelinux

CVE-2023-24540

2023-05-11 16:15:09

cve

CVE-2023-24540

2023-05-11 16:15:09

cgr

CVE-2023-24540 vulnerabilities

2024-05-17 15:41:37

oraclelinux

go-toolset and golang security update

2023-05-25 00:00:00

go-toolset:ol8 security update

2023-05-25 00:00:00

containernetworking-plugins security and bug fix update

2023-11-11 00:00:00

prion

Code injection

2023-05-11 16:15:00

rocky

go-toolset:Rocky Linux8 security update

2023-05-25 17:22:28

ibm

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to HTML injection in Go [CVE-2023-24540]

2023-07-27 17:04:44

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Go HTML injection vulnerability [CVE-2023-24540]

2024-01-31 13:30:47

Security Bulletin: IBM App Connect Enterprise Certified Container operands and operator may be vulnerable to HTML injection due to [CVE-2023-24540]

2023-06-28 15:18:46

cvelist

CVE-2023-24540 Improper handling of JavaScript whitespace in html/template

2023-05-11 15:29:31

redhat

(RHSA-2023:4420) Important: OpenShift Virtualization 4.12.5 RPMs security and bug fix update

2023-08-01 14:32:33

(RHSA-2023:3409) Important: OpenShift Container Platform 4.12.20 packages and security update

2023-06-07 21:08:31

(RHSA-2023:3545) Important: OpenShift Container Platform 4.12.21 packages and security update

2023-06-14 04:16:49

cbl_mariner

CVE-2023-24540 affecting package golang for versions less than 1.21.6-1

2024-05-17 09:07:16

CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1

2024-05-17 09:07:16

veracode

Improper Sanitization

2023-05-14 11:44:15

mageia

Updated golang packages fix security vulnerability

2023-05-16 22:17:40

amazon

Important: golang

2023-06-05 16:39:00

Important: amazon-ssm-agent

2023-10-12 15:48:00

Important: amazon-ssm-agent

2023-10-12 15:09:00

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2613)

2023-08-08 00:00:00

Mageia: Security Advisory (MGASA-2023-0169)

2023-05-17 00:00:00

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2583)

2023-08-08 00:00:00

K000138679 : GoLang vulnerabilities CVE-2023-24540, CVE-2023-29400, and CVE-2023-29403

2024-02-21 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.19.9-alt1

2023-05-03 00:00:00

photon

Critical Photon OS Security Update - PHSA-2023-4.0-0387

2023-05-05 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0575

2023-05-05 00:00:00

Critical Photon OS Security Update - PHSA-2023-5.0-0037

2023-06-23 00:00:00

freebsd

go -- multiple vulnerabilities

2023-04-27 00:00:00

ubuntu

Go vulnerabilities

2023-06-06 00:00:00

redos

ROS-20240418-06

2024-04-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

9.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

51.0%

JSON

Related for OSV:BIT-GOLANG-2023-24540