CVE-2023-3978

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
References
Link Resource
https://go.dev/cl/514896 Patch
https://go.dev/issue/61615 Issue Tracking Patch Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-1988 Issue Tracking Patch Vendor Advisory
https://go.dev/cl/514896 Patch
https://go.dev/issue/61615 Issue Tracking Patch Vendor Advisory
https://pkg.go.dev/vuln/GO-2023-1988 Issue Tracking Patch Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*

History

21 Nov 2024, 08:18

Type Values Removed Values Added
References () https://go.dev/cl/514896 - Patch () https://go.dev/cl/514896 - Patch
References () https://go.dev/issue/61615 - Issue Tracking, Patch, Vendor Advisory () https://go.dev/issue/61615 - Issue Tracking, Patch, Vendor Advisory
References () https://pkg.go.dev/vuln/GO-2023-1988 - Issue Tracking, Patch, Vendor Advisory () https://pkg.go.dev/vuln/GO-2023-1988 - Issue Tracking, Patch, Vendor Advisory

07 Aug 2023, 18:24

Type Values Removed Values Added
First Time Golang
Golang networking
CPE cpe:2.3:a:golang:networking:*:*:*:*:*:go:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79
References (MISC) https://go.dev/cl/514896 - (MISC) https://go.dev/cl/514896 - Patch
References (MISC) https://pkg.go.dev/vuln/GO-2023-1988 - (MISC) https://pkg.go.dev/vuln/GO-2023-1988 - Issue Tracking, Patch, Vendor Advisory
References (MISC) https://go.dev/issue/61615 - (MISC) https://go.dev/issue/61615 - Issue Tracking, Patch, Vendor Advisory

02 Aug 2023, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-02 20:15

Updated : 2024-11-21 08:18


NVD link : CVE-2023-3978

Mitre link : CVE-2023-3978

CVE.ORG link : CVE-2023-3978


JSON object : View

Products Affected

golang

  • networking
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')