Описание
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1.19.9-1 |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | released | 1.19.2-1ubuntu1.1 |
| lunar | released | 1.19.8-1ubuntu0.1 |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | not-affected | 1.20.4-1 |
| esm-infra/focal | DNE | focal was not-affected [1.20.3-1ubuntu0.1~20.04] |
| focal | not-affected | 1.20.3-1ubuntu0.1~20.04 |
| jammy | not-affected | 1.20.3-1ubuntu0.1~22.04 |
| kinetic | DNE | |
| lunar | released | 1.20.3-1ubuntu0.1 |
| trusty | ignored | end of standard support |
| upstream | released | 1.20.4-1 |
| xenial | ignored | end of standard support |
Показывать по
Ссылки на источники
EPSS
7.3 High
CVSS3
Связанные уязвимости
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Templates containing actions in unquoted HTML attributes (e.g. "attr={ ...
Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.
Уязвимость языка программирования Go, существующая из-за непринятия мер по нейтрализации специальных элементов, позволяющая нарушителю внедрить произвольные атрибуты в теги HTML
EPSS
7.3 High
CVSS3