BIT-golang-2023-24540

Import Source

https://github.com/bitnami/vulndb/tree/main/data/golang/BIT-golang-2023-24540.json

Aliases

CVE-2023-24540
GO-2023-1752

Published

2024-03-06T10:56:09.496Z

Modified

2024-03-06T11:25:28.861Z

Details

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

References

https://go.dev/cl/491616
https://go.dev/issue/59721
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
https://pkg.go.dev/vuln/GO-2023-1752

Affected packages

Bitnami / golang

Package

Name: golang

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.19.9

Introduced

1.20.0

Fixed

1.20.4