BIT-golang-2023-24540

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/golang/BIT-golang-2023-24540.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-golang-2023-24540

Aliases

CVE-2023-24540
GO-2023-1752

Published

2024-03-06T10:56:09.496Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.

References

https://go.dev/cl/491616
https://go.dev/issue/59721
https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
https://pkg.go.dev/vuln/GO-2023-1752

Affected packages

Bitnami / golang

Package

Name: golang
Purl: pkg:bitnami/golang

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.19.9

Introduced

1.20.0

Fixed

1.20.4