PT-2023-3321 · Unknown+10 · Javascript+10

Juho Nurminen

·

Publicado

2023-04-20

·

Atualizado

2025-11-04

·

CVE-2023-24540

CVSS v3.1

10

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions No specific software name or affected versions are mentioned in the provided descriptions.
Description The issue is related to the handling of whitespace characters in JavaScript contexts. Not all valid JavaScript whitespace characters are considered as whitespace. This can lead to improper sanitization of templates containing whitespace characters outside of the specified character set "t fru0020u2028u2029" when actions are also present in the JavaScript context. The exploitation of this issue may allow a remote attacker to impact the confidentiality, integrity, and availability of protected information.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Special Elements Injection

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-77

Identificadores relacionados

ALSA-2023:3318
ALSA-2023:3319
ALSA-2023:6346
ALSA-2023:6363
ALSA-2023:6402
ALSA-2023:6473
ALSA-2023:6474
ALSA-2023:6938
ALSA-2023:6939
ALT-PU-2023-1699
ALT-PU-2023-1734
ALT-PU-2023-4736
ALT-PU-2023-4785
ALT-PU-2023-5492
ALT-PU-2023-7055
AZL-26626
AZL-37428
AZL-37517
AZL-79082
BDU:2023-03471
BIT-GOLANG-2023-24540
CESA-2023_3319
CESA-2023_6938
CESA-2023_6939
CVE-2023-24540
GO-2023-1752
MGASA-2023-0169
OESA-2023-1294
OPENSUSE-SU-2024:12907-1
OPENSUSE-SU-2024:12908-1
RHSA-2023:3318
RHSA-2023:3319
RHSA-2023:3323
RHSA-2023:3366
RHSA-2023:3409
RHSA-2023:3445
RHSA-2023:3545
RHSA-2023:3612
RHSA-2023:3910
RHSA-2023:3914
RHSA-2023:4420
RHSA-2023:4470
RHSA-2023:6346
RHSA-2023:6363
RHSA-2023:6402
RHSA-2023:6473
RHSA-2023:6474
RHSA-2023:6938
RHSA-2023:6939
RHSA-2023_3318
RHSA-2023_3319
RHSA-2023_6346
RHSA-2023_6363
RHSA-2023_6402
RHSA-2023_6473
RHSA-2023_6474
RHSA-2023_6938
RHSA-2023_6939
RLSA-2023:3319
SUSE-SU-2023:2105-1
SUSE-SU-2023:2105-2
SUSE-SU-2023:2127-1
USN-6140-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Javascript
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu