CVE-2023-39318
Summary
| CVE | CVE-2023-39318 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-09-08 17:15:00 UTC |
| Updated | 2023-11-07 04:17:00 UTC |
| Description | The html/template package does not properly handle HTML-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack. |
Risk And Classification
Problem Types: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| September 2023 Golang Vulnerabilities in NetApp Products (NetApp Product Security) | MISC | security.netapp.com | |
| [security] Go 1.21.1 and Go 1.20.8 are released | MISC | groups.google.com | |
| html/template: improper handling of HTML-like comments within script contexts (CVE-2023-39318) · Issue #62196 · golang/go · GitHub | MISC | go.dev | |
| GO-2023-2041 - Go Packages | MISC | pkg.go.dev | |
| go.dev/cl/526156 | MISC | go.dev | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 161230 Oracle Enterprise Linux Security Update for podman (ELSA-2023-7765)
- 161231 Oracle Enterprise Linux Security Update for containernetworking-plugins (ELSA-2023-7766)
- 161243 Oracle Enterprise Linux Security Update for skopeo (ELSA-2023-7762)
- 161244 Oracle Enterprise Linux Security Update for buildah (ELSA-2023-7764)
- 161289 Oracle Enterprise Linux Security Update for container-tools:4.0 (ELSA-2024-0121)
- 200040 Ubuntu Security Notification for Go Vulnerabilities (USN-6574-1)
- 242374 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:5009)
- 242464 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)
- 242569 Red Hat Update for podman (RHSA-2023:7765)
- 242585 Red Hat Update for containernetworking-plugins (RHSA-2023:7766)
- 242587 Red Hat Update for buildah (RHSA-2023:7764)
- 242593 Red Hat Update for skopeo (RHSA-2023:7762)
- 242882 Red Hat Update for container-tools:4.0 (RHSA-2024:0121)
- 296105 Oracle Solaris 11.4 Support Repository Update (SRU) 63.157.1 Missing (CPUOCT2023)
- 356376 Amazon Linux Security Advisory for golang : ALAS2023-2023-367
- 506086 Alpine Linux Security Update for go
- 673519 EulerOS Security Update for golang (EulerOS-SA-2023-3270)
- 673747 EulerOS Security Update for golang (EulerOS-SA-2023-3178)
- 673945 EulerOS Security Update for golang (EulerOS-SA-2023-3213)
- 673979 EulerOS Security Update for golang (EulerOS-SA-2023-3299)
- 673988 EulerOS Security Update for golang (EulerOS-SA-2023-3331)
- 674107 EulerOS Security Update for golang (EulerOS-SA-2023-3242)
- 710791 Gentoo Linux Go Multiple Vulnerabilities (GLSA 202311-09)
- 754886 SUSE Enterprise Linux Security Update for go1.21 (SUSE-SU-2023:3701-1)
- 754887 SUSE Enterprise Linux Security Update for go1.20 (SUSE-SU-2023:3700-1)
- 754951 SUSE Enterprise Linux Security Update for go1.20-openssl (SUSE-SU-2023:3840-1)
- 755275 SUSE Enterprise Linux Security Update for go1.21-openssl (SUSE-SU-2023:4469-1)
- 770213 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:5009)
- 770214 Red Hat OpenShift Container Platform 4.14 Security Update (RHSA-2023:6840)
- 907882 Common Base Linux Mariner (CBL-Mariner) Security Update for msft-golang (28832-1)
- 907896 Common Base Linux Mariner (CBL-Mariner) Security Update for golang (28694-2)
- 941495 AlmaLinux Security Update for podman (ALSA-2023:7765)
- 941498 AlmaLinux Security Update for containernetworking-plugins (ALSA-2023:7766)
- 941499 AlmaLinux Security Update for skopeo (ALSA-2023:7762)
- 941500 AlmaLinux Security Update for buildah (ALSA-2023:7764)
- 941535 AlmaLinux Security Update for container-tools:4.0 (ALSA-2024:0121)