CVE-2023-39319

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-39319
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39319.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-39319
Aliases
Downstream
Related
Published
2023-09-08T17:15:27.910Z
Modified
2026-02-13T02:38:21.711460Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The html/template package does not apply the proper rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type
GIT
Repo
https://github.com/golang/go
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
d5b851804329aa547dafa278a0c35dd62298d651
Introduced
c19c4c566c63818dfd059b352e52c4710eecf14d
Fixed
2c1e5b05fe39fc5e6c730dd60e82946b8e67c6ba

Affected versions

go1.*
go1.21.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-39319.json"