Lucene search
GoCVELIST:CVE-2023-39318HistorySep 08, 2023 - 4:13 p.m.
CVE-2023-39318 Improper handling of HTML-like comments in script contexts in html/template
2023-09-0816:13:24
Go
www.cve.org
9
cve-2023-39318
improper handling
html-like comments
script contexts
template package
xss attack
The html/template package does not properly handle HTML-like โโ comment tokens, nor hashbang โ#!โ comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.
CNA Affected
[
{
"vendor": "Go standard library",
"product": "html/template",
"collectionURL": "https://pkg.go.dev",
"packageName": "html/template",
"versions": [
{
"version": "0",
"lessThan": "1.20.8",
"status": "affected",
"versionType": "semver"
},
{
"version": "1.21.0-0",
"lessThan": "1.21.1",
"status": "affected",
"versionType": "semver"
}
],
"programRoutines": [
{
"name": "isComment"
},
{
"name": "escaper.escapeText"
},
{
"name": "tJS"
},
{
"name": "tLineCmt"
},
{
"name": "Template.Execute"
},
{
"name": "Template.ExecuteTemplate"
}
],
"defaultStatus": "unaffected"
}
]Related
alpinelinux
alpinelinux
CVE-2023-39318
2023-09-08 17:15:27
veracode
veracode
Cross-Site Scripting (XSS)
2023-10-03 07:01:30
Cross-Site Scripting (XSS)
2023-10-02 20:15:16
osv
osv
CGA-jh9g-37wg-xgw7
2024-06-06 12:26:06
CVE-2023-39318
2023-09-08 17:15:27
BIT-golang-2023-39318
2024-03-06 10:54:41
cbl_mariner
cbl_mariner
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
2024-10-01 22:11:46
CVE-2023-39318 affecting package golang for versions less than 1.20.10-1
2024-10-01 22:11:53
prion
prion
Hardcoded credentials
2023-09-08 17:15:00
nvd
nvd
CVE-2023-39318
2023-09-08 17:15:27
ubuntucve
ubuntucve
CVE-2023-39318
2023-09-08 00:00:00
cgr
cgr
CVE-2023-39318 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-39318
2023-09-08 17:15:27
debiancve
debiancve
CVE-2023-39318
2023-09-08 17:15:27
redhatcve
redhatcve
CVE-2023-39318
2023-09-13 06:54:11
vulnrichment
vulnrichment
wolfi
wolfi
CVE-2023-39318 vulnerabilities
2024-10-01 21:13:23
nessus
nessus
Photon OS 3.0: Go PHSA-2023-3.0-0665
2024-07-24 00:00:00
Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2023-367)
2023-10-03 00:00:00
ibm
ibm
openvas
openvas
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3700-1)
2024-03-04 00:00:00
openSUSE: Security Advisory for go1.20 (SUSE-SU-2023:3840-1)
2024-03-04 00:00:00
Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2023-3213)
2023-11-10 00:00:00
redos
redos
ROS-20241001-02
2024-10-01 00:00:00
almalinux
almalinux
Moderate: toolbox security update
2024-04-30 00:00:00
Moderate: buildah security update
2023-12-12 00:00:00
Moderate: containernetworking-plugins security update
2023-12-12 00:00:00
redhat
redhat
(RHSA-2024:2160) Moderate: toolbox security update
2024-04-30 06:14:54
(RHSA-2023:7762) Moderate: skopeo security update
2023-12-12 16:42:25
(RHSA-2023:7765) Moderate: podman security update
2023-12-12 16:42:34
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0665
2023-10-10 00:00:00
Important Photon OS Security Update - PHSA-2023-5.0-0108
2023-10-05 00:00:00
Moderate Photon OS Security Update - PHSA-2023-4.0-0484
2023-10-05 00:00:00
oraclelinux
oraclelinux
buildah security update
2023-12-14 00:00:00
skopeo security update
2023-12-13 00:00:00
containernetworking-plugins security update
2023-12-13 00:00:00
amazon
amazon
Important: golang
2023-10-16 13:45:00
freebsd
freebsd
go -- multiple vulnerabilities
2023-09-06 00:00:00
ubuntu
ubuntu
Go vulnerabilities
2024-01-11 00:00:00
gentoo
gentoo
Go: Multiple Vulnerabilities
2023-11-25 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00