Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-24540

Опубликовано: 11 мая 2023
Источник: debian
EPSS Низкий

Описание

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
golang-1.20fixed1.20.4-1package
golang-1.19fixed1.19.9-1experimentalpackage
golang-1.19fixed1.19.10-2package
golang-1.19no-dsabookwormpackage
golang-1.19no-dsabullseyepackage
golang-1.15removedpackage
golang-1.15no-dsabullseyepackage
golang-1.11removedpackage
golang-1.11postponedbusterpackage

Примечания

  • https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU

  • https://github.com/golang/go/issues/59721

  • https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)

  • https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)

EPSS

Процентиль: 47%
0.00243
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-24540

CVSS3: 9.8
ubuntu
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

redhat логотип

CVE-2023-24540

CVSS3: 8.1
redhat
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

nvd логотип

CVE-2023-24540

CVSS3: 9.8
nvd
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

msrc логотип

CVE-2023-24540

CVSS3: 9.8
msrc
около 2 месяцев назад

Improper handling of JavaScript whitespace in html/template

github логотип

GHSA-7qhm-5mxq-x7vp

CVSS3: 9.8
github
больше 2 лет назад

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

EPSS

Процентиль: 47%
0.00243
Низкий