6 matches found
Astra Linux - vulnerability in golang-1.19
The html/template package does not follow the correct rules for handling occurrences of "", "" within JS literals in contexts. This may cause the template parser to incorrectly consider script contexts as being terminated early, resulting in actions being improperly escaped. This could ...
Errors returned from JSON marshaling may break template escaping in html/template
...
Improper handling of empty HTML attributes in html/template
...
golang: html/template: improper handling of HTML-like comments within script contexts
A flaw was found in Golang. The html/template package did not properly handle HTML-like "" comment tokens, nor hashbang "!" comment tokens, in contexts. This issue may cause the template parser to improperly interpret the contents of contexts, causing actions to be improperly escaped...
PT-2023-7113 · Mozilla · Firefox for iOS
Name of the Vulnerable Software and Affected Versions: Firefox for iOS versions prior to 120 Description: The issue is related to the Reader Mode in Firefox for iOS, where the browser fails to neutralize HTML tags, allowing an attacker to perform HTML template injection. This could enable a remot...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as JavaScript string delimiters. By sending a specially crafted request, an attacker could execute arbitrary code on the system...