admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2023/CVE-2023-393xx/CVE-2023-39319.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

159 lines
4.5 KiB
JSON
Raw Blame History

{
"id": "CVE-2023-39319",
"sourceIdentifier": "security@golang.org",
"published": "2023-09-08T17:15:27.910",
"lastModified": "2024-11-21T08:15:08.890",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The html/template package does not apply the proper rules for handling occurrences of \"<script\", \"<!--\", and \"</script\" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack."
},
{
"lang": "es",
"value": "El paquete html/template no aplica las reglas adecuadas para controlar las ocurrencias de \". Esto puede hacer que el analizador de plantillas considere incorrectamente que los contextos de script se terminan antes de tiempo, lo que provoca que las acciones se escapen incorrectamente. Esto podr\u00eda aprovecharse para realizar un ataque XSS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.20.8",
"matchCriteriaId": "F1B13F8E-84CD-45E0-8DC5-FFF2A1E5E162"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.21.0",
"versionEndExcluding": "1.21.1",
"matchCriteriaId": "958E1BA0-2840-47E9-A790-79C10164C68C"
}
]
}
]
}
],
"references": [
{
"url": "https://go.dev/cl/526157",
"source": "security@golang.org",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/62197",
"source": "security@golang.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"source": "security@golang.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2043",
"source": "security@golang.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202311-09",
"source": "security@golang.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0009/",
"source": "security@golang.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://go.dev/cl/526157",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://go.dev/issue/62197",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
},
{
"url": "https://pkg.go.dev/vuln/GO-2023-2043",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202311-09",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231020-0009/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink