14 matches found
Backticks not treated as string delimiters in html/template
...
BIT-GOLANG-2023-24538 Backticks not treated as string delimiters in html/template
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
Important: Red Hat Security Advisory: Red Hat OpenStack Platform 16.2.5 (collectd-libpod-stats) security update
An update for collectd-libpod-stats is now available for Red Hat OpenStack Platform 16.2.5 Train. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
Important: golang
Issue Overview: RESERVED NOTE: https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41724 Golang: net/http, mime/multipart: denial of service from excessive resource consumption https://groups.google.com/g/golang-announce/c/V0aBFqaFsE CVE-2022-41725 The ScalarMult and ScalarBaseMult...
golang: html/template: backticks not treated as string delimiters
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system...
Security Bulletin: Vulnerability in Golang Go could affect IBM CICS TX Advanced [CVE-2023-24538]
Summary CVE-2023-24538 may affect IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2023-24538 DESCRIPTION: Golang Go could allow a remote attacker to execute arbitrary code on the system, caused by not properly consider backticks as...
SUSE SLES15 Security Update : go1.20 (SUSE-SU-2023:2105-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2105-2 advisory. - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service...
CVE-2023-24538
A flaw was found in Golang Go. This flaw allows a remote attacker to execute arbitrary code on the system, caused by not properly considering backticks as Javascript string delimiters. By sending a specially crafted request, an attacker execute arbitrary code on the system. Mitigation Mitigation...
go -- multiple vulnerabilities
The Go project reports: go/parser: infinite loop in parsing Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow. html/template: backticks not treated as string delimiters Templates di...