CVE-2023-3978

Improper rendering of text nodes in golang.org/x/net/html

EPSS 0.8%

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Affected products

golang.org/x/net · golang.org/x/net/html

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://go.dev/cl/514896 https://go.dev/issue/61615 https://pkg.go.dev/vuln/GO-2023-1988