mistune 跨站脚本漏洞

Mistune is a fast and powerful Python Markdown parser developed by Hsiaoming Yang. Versions of Mistune 3.2.0 and earlier contained a cross-site scripting vulnerability. This vulnerability stemmed from the renderfigure function in src/mistune/directives/image.py, which directly concatenated the...

OESA-2023-1294 golang security update

The Go Programming Language. Security Fixes: Templates containing actions in unquoted HTML attributes e.g. "attr=." executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into...