Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CPENameOperatorVersion
golang.org/x/netlt0.13.0

CPE	Name	Operator	Version
	golang.org/x/net	lt	0.13.0

References

go.dev/cl/514896

go.dev/issue/61615

nvd.nist.gov/vuln/detail/CVE-2023-3978

pkg.go.dev/vuln/GO-2023-1988

nessus 27

redhat 19

redhatcve 1

prion 1

redos 1

cvelist 1

cbl_mariner 4

veracode 1

cve 1

osv 5

github 1

debiancve 1

wolfi 1

ubuntucve 1

cgr 1

amazon 3

ibm 6

almalinux 3

oraclelinux 3

nessus

Fedora 40 : caddy (2023-57b1499122)

2024-04-29 00:00:00

Fedora 40 : rclone (2023-ff1e594f3d)

2024-04-29 00:00:00

Fedora 40 : golang-github-onsi-ginkgo-2 (2023-c4b597d917)

2024-04-29 00:00:00

redhat

(RHSA-2024:0944) Moderate: OpenShift Container Platform 4.14.14 packages and security update

2024-02-28 00:25:30

(RHSA-2023:7216) Moderate: Red Hat OpenShift Service Mesh Containers for 2.4.5

2023-11-15 00:15:54

(RHSA-2023:7315) Important: OpenShift Container Platform 4.14.3 bug fix and security update

2023-11-21 09:25:58

redhatcve

CVE-2023-3978

2023-08-07 05:49:01

prion

Design/Logic Flaw

2023-08-02 20:15:00

redos

ROS-20240408-02

2024-04-08 00:00:00

cvelist

CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html

2023-08-02 19:48:56

cbl_mariner

CVE-2023-3978 affecting package telegraf for versions less than 1.29.4-1

2024-04-17 22:02:46

CVE-2023-3978 affecting package packer for versions less than 1.10.1-1

2024-04-12 05:06:27

CVE-2023-3978 affecting package kubevirt for versions less than 1.2.0-1

2024-04-17 22:02:46

veracode

Cross-Site Scripting (XSS)

2023-08-04 04:52:36

cve

CVE-2023-3978

2023-08-02 20:15:12

osv

CVE-2023-3978

2023-08-02 20:15:12

Improper rendering of text nodes in golang.org/x/net/html

2023-08-02 15:06:27

Moderate: podman security, bug fix, and enhancement update

2023-11-07 00:00:00

github

Improper rendering of text nodes in golang.org/x/net/html

2023-08-02 21:30:20

debiancve

CVE-2023-3978

2023-08-02 20:15:12

wolfi

CVE-2023-3978 vulnerabilities

2024-06-02 22:01:16

ubuntucve

CVE-2023-3978

2023-08-02 00:00:00

cgr

CVE-2023-3978 vulnerabilities

2024-05-19 03:07:16

amazon

Important: nerdctl

2023-11-09 19:19:00

Important: cri-tools

2024-02-01 19:57:00

Important: amazon-ssm-agent

2023-10-12 15:09:00

ibm

Security Bulletin: Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 (CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325).

2023-12-06 09:46:53

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from shadow-utils, procps-ng, containerd, urllib3, nghttp2 and Golang

2023-12-15 07:45:06

Security Bulletin: App Connect Enterprise Certified Container UBI updates

2024-02-02 14:30:02

almalinux

Moderate: podman security, bug fix, and enhancement update

2023-11-07 00:00:00

Moderate: container-tools:4.0 security and bug fix update

2023-11-14 00:00:00

Moderate: container-tools:rhel8 security and bug fix update

2023-11-14 00:00:00

oraclelinux

podman security, bug fix, and enhancement update

2023-11-11 00:00:00

container-tools:4.0 security and bug fix update

2023-11-18 00:00:00

container-tools:ol8 security and bug fix update

2023-11-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for OSV:GHSA-2WRH-6PVC-2JM9