Google · Go · CVE-2026-42501
**Name of the Vulnerable Software and Affected Versions**
Go (affected versions not specified)
**Description**
A flaw in the `go` command's validation of module checksums allows a malicious module proxy to bypass checksum database validation. This occurs when the checksum database returns a successful response that contains no entry for the module: the `go` command incorrectly treats this as successful validation. Consequently, a malicious proxy can serve altered versions of the Go toolchain or modules. This is particularly critical when a different toolchain version is selected via the `GOTOOLCHAIN` environment variable, a `go.work` file, or a `go.mod` file, as the `go` command will download and execute the toolchain provided by the proxy. The issue affects users utilizing an untrusted module proxy (`GOPROXY`) or checksum database (`GOSUMDB`).
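The fail-open pattern described above, as an added illustration that is not the `go` command's own code: a verifier that rejects only on a mismatching entry accepts a response with no entry at all, while a fail-closed verifier treats the missing entry as an error. The names `dbHashes`, `verify` and `requireEntry`, the simplified `path version hash` response lines, and the sample values are assumptions constructed for this example.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

var (
	ErrNoEntry  = errors.New("checksum database has no entry for module")
	ErrMismatch = errors.New("module hash does not match checksum database")
)

// dbHashes returns the hashes listed for mod@ver in a response made of
// "path version hash" lines (hypothetical helper, simplified format).
func dbHashes(resp, mod, ver string) (out []string) {
	for _, line := range strings.Split(resp, "\n") {
		if f := strings.Fields(line); len(f) == 3 && f[0] == mod && f[1] == ver {
			out = append(out, f[2])
		}
	}
	return out
}

// verify compares the hash of the downloaded content with the database
// response. With requireEntry=false an empty match set counts as success
// (the fail-open behaviour); with requireEntry=true it is an error.
func verify(resp, mod, ver, got string, requireEntry bool) error {
	hashes := dbHashes(resp, mod, ver)
	if len(hashes) == 0 && requireEntry {
		return ErrNoEntry
	}
	for _, h := range hashes {
		if h != got {
			return ErrMismatch
		}
	}
	return nil
}

func main() {
	// Constructed sample: a well-formed response that lists another module only.
	resp := "example.com/other v1.0.0 h1:AAAA=\n"
	got := "h1:BBBB=" // constructed hash of whatever the proxy served
	fmt.Println("fail-open:  ", verify(resp, "example.com/mod", "v1.2.3", got, false))
	fmt.Println("fail-closed:", verify(resp, "example.com/mod", "v1.2.3", got, true))
}
```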
**Recommendations**
Upgrade the base Go toolchain.
Users with a non-trusted `GOPROXY` can revalidate all dependencies of the current module by running `rm go.sum ; go mod tidy ; go mod verify`.