UBUNTU-CVE-2023-29400

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2023-29400
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-29400.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-29400
Upstream
Related
  • USN-6140-1
Published
2023-05-11T16:15:00Z
Modified
2025-07-16T07:20:40.728147Z
Severity
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • 7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

Templates containing actions in unquoted HTML attributes (e.g. "attr={{.}}") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.

References

Affected packages

Ubuntu:20.04:LTS / golang-1.20

Package

Name
golang-1.20
Purl
pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~20.04?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.3-1ubuntu0.1~20.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "golang-1.20",
            "binary_version": "1.20.3-1ubuntu0.1~20.04"
        },
        {
            "binary_name": "golang-1.20-doc",
            "binary_version": "1.20.3-1ubuntu0.1~20.04"
        },
        {
            "binary_name": "golang-1.20-go",
            "binary_version": "1.20.3-1ubuntu0.1~20.04"
        },
        {
            "binary_name": "golang-1.20-go-dbgsym",
            "binary_version": "1.20.3-1ubuntu0.1~20.04"
        },
        {
            "binary_name": "golang-1.20-src",
            "binary_version": "1.20.3-1ubuntu0.1~20.04"
        }
    ]
}

Ubuntu:22.04:LTS / golang-1.20

Package

Name
golang-1.20
Purl
pkg:deb/ubuntu/golang-1.20@1.20.3-1ubuntu0.1~22.04?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.20.3-1ubuntu0.1~22.04

Ecosystem specific 

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "golang-1.20",
            "binary_version": "1.20.3-1ubuntu0.1~22.04"
        },
        {
            "binary_name": "golang-1.20-doc",
            "binary_version": "1.20.3-1ubuntu0.1~22.04"
        },
        {
            "binary_name": "golang-1.20-go",
            "binary_version": "1.20.3-1ubuntu0.1~22.04"
        },
        {
            "binary_name": "golang-1.20-go-dbgsym",
            "binary_version": "1.20.3-1ubuntu0.1~22.04"
        },
        {
            "binary_name": "golang-1.20-src",
            "binary_version": "1.20.3-1ubuntu0.1~22.04"
        }
    ]
}