PT-2023-9456 · Google+11 · Go+11
Takeshi Kaneko
·
Published
2023-08-21
·
Updated
2024-11-14
·
CVE-2023-39318
CVSS v2.0
6.4
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Go versions prior to 1.20.8
dev-go/go-tools versions prior to 0.3.0
Description
The issue is related to the html/template package in the Go programming language, which does not properly handle HTML-like comment tokens or hashbang "#!" comment tokens in
Recommendations
For Go versions prior to 1.20.8, upgrade to version 1.20.8 or later to resolve the issue.
For dev-go/go-tools versions prior to 0.3.0, upgrade to version 0.3.0 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the html/template package in
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Debian
Go
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu