Lucene search
Ubuntu.comUB:CVE-2023-3978HistoryAug 02, 2023 - 12:00 a.m.
CVE-2023-3978
2023-08-0200:00:00
ubuntu.com
ubuntu.com
41
xss attack
html namespace
text nodes
rendered
cve-2023-3978
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.8%
Text nodes not in the HTML namespace are incorrectly literally rendered,
causing text which should be escaped to not be. This could lead to an XSS
attack.
Bugs
Notes
| Author | Note |
|---|---|
| alexmurray | google-guest-agent contains a vendored copy of golang-golang-x-net |
| mdeslaur | containerd contains a vendored copy of golang-golang-x-net google-guest-agent does not contain the render.go file containerd does not contain the render.go file |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | golang-golang-x-net | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | golang-golang-x-net | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | golang-golang-x-net | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | golang-golang-x-net-dev | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-golang-x-net-dev | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | golang-golang-x-net-dev | < any | UNKNOWN |
Related
nessus
nessus
Fedora 40 : rclone (2023-ff1e594f3d)
2024-04-29 00:00:00
Fedora 40 : caddy (2023-57b1499122)
2024-04-29 00:00:00
Fedora 40 : golang-github-onsi-ginkgo-2 (2023-c4b597d917)
2024-04-29 00:00:00
redhat
redhat
redhatcve
redhatcve
CVE-2023-3978
2023-08-07 05:49:01
cbl_mariner
cbl_mariner
CVE-2023-3978 affecting package telegraf for versions less than 1.29.4-1
2024-04-17 22:02:46
CVE-2023-3978 affecting package telegraf for versions less than 1.27.4-1
2023-11-17 23:23:29
CVE-2023-3978 affecting package packer for versions less than 1.10.1-1
2024-04-12 05:06:27
redos
redos
ROS-20240408-02
2024-04-08 00:00:00
prion
prion
Design/Logic Flaw
2023-08-02 20:15:00
veracode
veracode
Cross-Site Scripting (XSS)
2023-08-04 04:52:36
cvelist
cvelist
CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html
2023-08-02 19:48:56
osv
osv
Improper rendering of text nodes in golang.org/x/net/html
2023-08-02 21:30:20
CVE-2023-3978
2023-08-02 20:15:12
Improper rendering of text nodes in golang.org/x/net/html
2023-08-02 15:06:27
cgr
cgr
CVE-2023-3978 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2023-3978
2023-08-02 20:15:12
nvd
nvd
CVE-2023-3978
2023-08-02 20:15:12
github
github
Improper rendering of text nodes in golang.org/x/net/html
2023-08-02 21:30:20
debiancve
debiancve
CVE-2023-3978
2023-08-02 20:15:12
wolfi
wolfi
CVE-2023-3978 vulnerabilities
2024-07-01 09:08:36
amazon
amazon
Important: nerdctl
2023-11-09 19:19:00
Important: cri-tools
2024-02-01 19:57:00
Important: amazon-ssm-agent
2023-10-12 15:09:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities affect IBM CICS TX Advanced 11.1 and IBM CICS TX Standard 11.1 (CVE-2023-3978, CVE-2023-44487 and CVE-2023-39325).
2023-12-06 09:46:53
almalinux
almalinux
Moderate: podman security, bug fix, and enhancement update
2023-11-07 00:00:00
Moderate: container-tools:4.0 security and bug fix update
2023-11-14 00:00:00
Moderate: container-tools:rhel8 security and bug fix update
2023-11-14 00:00:00
oraclelinux
oraclelinux
podman security, bug fix, and enhancement update
2023-11-11 00:00:00
container-tools:4.0 security and bug fix update
2023-11-18 00:00:00
container-tools:ol8 security and bug fix update
2023-11-18 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.001 Low
EPSS
Percentile
20.8%
Related for UB:CVE-2023-3978