36 matches found
Astra Linux - уязвимость в golang-1.19
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
CVE-2026-40302
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-40302 zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
CVE-2026-40302 zrok has reflected XSS in GitHub OAuth callback via unsanitized refreshInterval error rendering
zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template which performs no HTML escaping instead of html/template. The GitHub OAuth callback handlers in both publicProxy and dynamicProxy embed the...
MAL-2025-190846 Malicious code in go-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de2b1faf83824d6073ab908373d9704ee8fb7cb05322cfb6cedc079603455f10 The package go-template was found to contain malicious code. Source: ghsa-malware 508770194aad24fbaa79597bcc1a3f618b9397f2ad3f6fd1dc06c5dc0938a6ee An...
EUVD-2025-198830
Malicious code in go-template npm...
Malicious code in go-template (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector de2b1faf83824d6073ab908373d9704ee8fb7cb05322cfb6cedc079603455f10 The package go-template was found to contain malicious code. Source: ghsa-malware 508770194aad24fbaa79597bcc1a3f618b9397f2ad3f6fd1dc06c5dc0938a6ee An...
EUVD-2023-28554
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-24538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template...
OESA-2024-2582 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used,...
OESA-2024-2552 etcd security update
%expand: Security Fixes: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the...
OESA-2024-2551 etcd security update
%expand: Security Fixes: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the...
BIT-GOLANG-2023-24538 Backticks not treated as string delimiters in html/template
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
golang: html/template: improper sanitization of CSS values
A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if...
golang: html/template: improper sanitization of CSS values
A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper sanitization of CSS values
A flaw was found in golang where angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in the CSS context unexpectedly closing, allowing for the injection of unexpected HMTL if...
CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
DEBIAN-CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
UBUNTU-CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...