GO-2023-1988

Source
https://pkg.go.dev/vuln/GO-2023-1988
Import Source
https://vuln.go.dev/ID/GO-2023-1988.json
JSON Data
https://api.osv.dev/v1/vulns/GO-2023-1988
Aliases
Related
Published
2023-08-02T15:06:27Z
Modified
2024-10-22T05:28:50.435074Z
Summary
Improper rendering of text nodes in golang.org/x/net/html
Details

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2023-1988"
}
References

Affected packages

Go / golang.org/x/net

Package

Name
golang.org/x/net
View open source insights on deps.dev
Purl
pkg:golang/golang.org/x/net

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.13.0

Ecosystem specific

{
    "imports": [
        {
            "path": "golang.org/x/net/html",
            "symbols": [
                "Render",
                "render1"
            ]
        }
    ]
}