CVE-2023-24540

Improper handling of JavaScript whitespace in html/template

CVSS 9.8 CRITICALEPSS 1.5%CWE-77

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Productos afectados

Go standard library · html/template

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://go.dev/cl/491616 https://go.dev/issue/59721 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://pkg.go.dev/vuln/GO-2023-1752 https://security.netapp.com/advisory/ntap-20241115-0008/