CVE-2023-3978

Опубликовано: 02 авг. 2023

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Ссылки

https://go.dev/cl/514896
Patch
https://go.dev/issue/61615
Issue Tracking
Patch
Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-1988
Issue Tracking
Patch
Vendor Advisory
https://go.dev/cl/514896
Patch
https://go.dev/issue/61615
Issue Tracking
Patch
Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-1988
Issue Tracking
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*

Версия до 0.13.0 (исключая)

EPSS

Процентиль: 27%

0.00097

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2023-3978

CVSS3: 6.1

ubuntu

больше 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

redhat

больше 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

CVE-2023-3978

CVSS3: 6.1

msrc

около 1 года назад

Описание отсутствует

CVE-2023-3978

CVSS3: 6.1

debian

больше 2 лет назад

Text nodes not in the HTML namespace are incorrectly literally rendere ...

SUSE-SU-2024:4011-1

suse-cvrf

около 1 года назад

Security update for SUSE Manager Client Tools

EPSS

Процентиль: 27%

0.00097

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-79