Lucene search
Ubuntu.comUB:CVE-2023-29400HistoryMay 11, 2023 - 12:00 a.m.
CVE-2023-29400
2023-05-1100:00:00
ubuntu.com
ubuntu.com
26
0.001 Low
EPSS
Percentile
38.0%
Templates containing actions in unquoted HTML attributes (e.g.
“attr={{.}}”) executed with empty input can result in output with
unexpected results when parsed due to HTML normalization rules. This may
allow injection of arbitrary attributes into tags.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.10 | noarch | golang-1.19 | < 1.19.2-1ubuntu1.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | golang-1.19 | < 1.19.8-1ubuntu0.1 | UNKNOWN |
| ubuntu | 23.04 | noarch | golang-1.20 | < 1.20.3-1ubuntu0.1 | UNKNOWN |
References
github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)
github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)
github.com/golang/go/issues/59722
groups.google.com/g/golang-announce/c/MEb0UyuSMsU
launchpad.net/bugs/cve/CVE-2023-29400
nvd.nist.gov/vuln/detail/CVE-2023-29400
security-tracker.debian.org/tracker/CVE-2023-29400
ubuntu.com/security/notices/USN-6140-1
www.cve.org/CVERecord?id=CVE-2023-29400
Related
cgr
cgr
CVE-2023-29400 vulnerabilities
2024-05-19 03:07:16
osv
osv
BIT-golang-2023-29400
2024-03-06 10:55:58
Improper handling of empty HTML attributes in html/template
2023-05-05 21:10:24
CVE-2023-29400
2023-05-11 16:15:09
debiancve
debiancve
CVE-2023-29400
2023-05-11 16:15:09
cve
cve
CVE-2023-29400
2023-05-11 16:15:09
alpinelinux
alpinelinux
CVE-2023-29400
2023-05-11 16:15:09
cbl_mariner
cbl_mariner
CVE-2023-29400 affecting package golang for versions less than 1.20.7-1
2024-05-21 03:37:54
CVE-2023-29400 affecting package msft-golang for versions less than 1.20.7-1
2024-05-21 03:38:00
CVE-2023-29400 affecting package golang for versions less than 1.20.7-1
2024-05-21 03:38:00
redhatcve
redhatcve
CVE-2023-29400
2023-05-08 09:53:02
wolfi
wolfi
CVE-2023-29400 vulnerabilities
2024-05-20 21:07:17
prion
prion
Code injection
2023-05-11 16:15:00
veracode
veracode
Command Injection
2023-05-14 12:08:29
cvelist
cvelist
CVE-2023-29400 Improper handling of empty HTML attributes in html/template
2023-05-11 15:29:24
ibm
ibm
nessus
nessus
Amazon Linux AMI : golang (ALAS-2023-1760)
2023-06-09 00:00:00
CentOS 9 : toolbox-0.0.99.4-5.el9
2024-04-26 00:00:00
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-2583)
2023-08-08 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2023-05-16 22:17:40
redhat
redhat
openvas
openvas
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2613)
2023-08-08 00:00:00
Mageia: Security Advisory (MGASA-2023-0169)
2023-05-17 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-2583)
2023-08-08 00:00:00
amazon
amazon
Important: golang
2023-06-05 16:39:00
Important: golang
2023-07-20 17:29:00
Important: golang
2023-09-27 22:15:00
f5
f5
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.19.9-alt1
2023-05-03 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0387
2023-05-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-3.0-0575
2023-05-05 00:00:00
Critical Photon OS Security Update - PHSA-2023-5.0-0037
2023-06-23 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-04-27 00:00:00
ubuntu
ubuntu
Go vulnerabilities
2023-06-06 00:00:00
oraclelinux
oraclelinux
containernetworking-plugins security and bug fix update
2023-11-11 00:00:00
skopeo security update
2023-11-11 00:00:00
buildah security update
2023-11-11 00:00:00
almalinux
almalinux
Moderate: toolbox security and bug fix update
2023-11-07 00:00:00
Moderate: containernetworking-plugins security and bug fix update
2023-11-07 00:00:00
Moderate: buildah security update
2023-11-07 00:00:00
redos
redos
ROS-20240418-06
2024-04-18 00:00:00