GHSA-2wrh-6pvc-2jm9

Опубликовано: 02 авг. 2023

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Improper rendering of text nodes in golang.org/x/net/html

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Ссылки

Пакеты

Наименование

golang.org/x/net

Затронутые версииВерсия исправления

< 0.13.0

0.13.0

EPSS

Процентиль: 24%

0.0008

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2023-3978

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-3978

CVSS3: 6.1

ubuntu

около 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

redhat

около 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

nvd

около 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

msrc

10 месяцев назад

Описание отсутствует

CVE-2023-3978

CVSS3: 6.1

debian

около 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendere ...

EPSS

Процентиль: 24%

0.0008

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2023-3978

Дефекты

CWE-79