110 matches found
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a G...
Important: docker
Issue Overview: http2/hpack: avoid quadratic complexity in hpack decoding CVE-2022-41723 Templates did not properly consider backticks as Javascript string delimiters, and as such did not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contained a G...
CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
PT-2023-7219 · Zabbix +3 · Zabbix +3
Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.21 Zabbix affected versions not specified Description: The issue concerns the improper handling of backticks in Javascript template literals within Go templates, potentially allowing for the injection of arbitrary...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
EulerOS 2.0 SP10 : golang (EulerOS-SA-2023-2382)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:2105-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2105-1 advisory. Update to 1.20.4 bnc1206346: - CVE-2023-24539: Fixed an improper sanitization of CSS values...