37 matches found
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-209)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-209 advisory. html/template: improper sanitization of CSS values Angle brackets were not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
OESA-2023-1294 golang security update
The Go Programming Language. Security Fixes: Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
Important: Red Hat Security Advisory: go-toolset:rhel8 security update
An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
Important: go-toolset:rhel8 security update
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. Security Fixes: golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 For more details about the security issues, including the impact, a CVSS score, acknowledgment...
AZL-26626 CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
AZL-37517 CVE-2023-24540 affecting package golang for versions less than 1.21.6-1
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
CVE-2023-24540 Improper handling of JavaScript whitespace in html/template
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...
SUSE-SU-2023:2127-1 Security update for go1.19
This update for go1.19 fixes the following issues: Update to 1.19.9 bnc1200441: - CVE-2023-24539: fixed an improper sanitization of CSS values bnc1211029. - CVE-2023-24540: fixed an improper handling of JavaScript whitespace bnc1211030. - CVE-2023-29400: fixed an improper handling of empty HTML...
Improper Encoding or Escaping of Output
Overview std/html/template is a Go standard library package std/html/template Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output. Go Vulnerability Report:Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing...
SUSE-SU-2023:2105-1 Security update for go1.20
This update for go1.20 fixes the following issues: Update to 1.20.4 bnc1206346: - CVE-2023-24539: Fixed an improper sanitization of CSS values boo1211029. - CVE-2023-24540: Fixed an improper handling of JavaScript whitespace boo1211030. - CVE-2023-29400: Fixed an improper handling of empty HTML...
SUSE CVE-2023-24540
Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution...