Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-24540

Опубликовано: 11 мая 2023
Источник: debian
EPSS Низкий

Описание

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.20fixed1.20.4-1package
golang-1.19fixed1.19.9-1experimentalpackage
golang-1.19fixed1.19.10-2package
golang-1.19no-dsabookwormpackage
golang-1.19no-dsabullseyepackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

  • https://github.com/golang/go/issues/59721

  • https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)

  • https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)

EPSS

Процентиль: 47%
0.00243
Низкий

Связанные уязвимости

CVSS3: 9.8
ubuntu
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

CVSS3: 8.1
redhat
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

CVSS3: 9.8
nvd
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

CVSS3: 9.8
msrc
около 2 месяцев назад

Improper handling of JavaScript whitespace in html/template

CVSS3: 9.8
github
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

EPSS

Процентиль: 47%
0.00243
Низкий