24 matches found
Astra Linux - уязвимость в golang-1.19
Templates do not properly handle backticks as JavaScript string delimiters, and do not escape them as expected. Backticks have been used since ES6 for JavaScript template literals. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be...
Linux Distros Unpatched Vulnerability : CVE-2023-24538
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template...
OESA-2024-2582 podman security update
Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used,...
OESA-2024-2552 etcd security update
%expand: Security Fixes: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the...
OESA-2024-2551 etcd security update
%expand: Security Fixes: Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
DEBIAN-CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
UBUNTU-CVE-2023-29453
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
golang: html/template: improper handling of JavaScript whitespace
A flaw was found in golang, where not all valid JavaScript white-space characters were considered white space. Due to this issue, templates containing white-space characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be...
AZL-37362 CVE-2023-24539 affecting package golang for versions less than 1.21.6-1
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...
AZL-79046 CVE-2023-24539 affecting package golang 1.25.7-1
Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input...
SUSE SLES15 Security Update : go1.20 (SUSE-SU-2023:2105-2)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:2105-2 advisory. - HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service...
AZL-34751 CVE-2023-24538 affecting package golang for versions less than 1.19.8-1
Templates do not properly consider backticks as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to...