CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
49.7%
Angle brackets (<>) are not considered dangerous characters when inserted
into CSS contexts. Templates containing multiple actions separated by a ‘/’
character can result in unexpectedly closing the CSS context and allowing
for injection of unexpected HTML, if executed with untrusted input.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 22.10 | noarch | golang-1.19 | < 1.19.2-1ubuntu1.1 | UNKNOWN |
ubuntu | 23.04 | noarch | golang-1.19 | < 1.19.8-1ubuntu0.1 | UNKNOWN |
ubuntu | 23.04 | noarch | golang-1.20 | < 1.20.3-1ubuntu0.1 | UNKNOWN |
github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)
github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)
github.com/golang/go/issues/59720
groups.google.com/g/golang-announce/c/MEb0UyuSMsU
launchpad.net/bugs/cve/CVE-2023-24539
nvd.nist.gov/vuln/detail/CVE-2023-24539
security-tracker.debian.org/tracker/CVE-2023-24539
ubuntu.com/security/notices/USN-6140-1
www.cve.org/CVERecord?id=CVE-2023-24539