GHSA-2wrh-6pvc-2jm9

Опубликовано: 02 авг. 2023

Источник: github

Github: Прошло ревью

CVSS3: 6.1

Описание

Improper rendering of text nodes in golang.org/x/net/html

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Ссылки

Пакеты

Наименование

golang.org/x/net

Затронутые версииВерсия исправления

< 0.13.0

0.13.0

EPSS

Процентиль: 24%

0.00078

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2023-3978

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-3978

CVSS3: 6.1

ubuntu

почти 2 года назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

redhat

почти 2 года назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

nvd

почти 2 года назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

msrc

8 месяцев назад

Описание отсутствует

CVE-2023-3978

CVSS3: 6.1

debian

почти 2 года назад

Text nodes not in the HTML namespace are incorrectly literally rendere ...

EPSS

Процентиль: 24%

0.00078

Низкий

6.1 Medium

CVSS3

CVE ID

CVE-2023-3978

Дефекты

CWE-79