data/reports/GO-2023-1751.yaml - vulndb - Git at Google

 modules:
   - module: std
     versions:
       - fixed: 1.19.9
       - introduced: 1.20.0-0
         fixed: 1.20.4
     vulnerable_at: 1.20.3
     packages:
       - package: html/template
         symbols:
           - cssValueFilter
           - escaper.commit
         derived_symbols:
           - Template.Execute
           - Template.ExecuteTemplate
 summary: Improper sanitization of CSS values in html/template
 description: |
     Angle brackets (<>) are not considered dangerous characters when inserted
     into CSS contexts. Templates containing multiple actions separated by a '/'
     character can result in unexpectedly closing the CSS context and allowing
     for injection of unexpected HTML, if executed with untrusted input.
 credits:
   - Juho Nurminen of Mattermost
 references:
   - report: https://go.dev/issue/59720
   - fix: https://go.dev/cl/491615
   - web: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
 cve_metadata:
     id: CVE-2023-24539
     cwe: 'CWE-74: Improper input validation'
	modules:
	- module: std
	versions:
	- fixed: 1.19.9
	- introduced: 1.20.0-0
	fixed: 1.20.4
	vulnerable_at: 1.20.3
	packages:
	- package: html/template
	symbols:
	- cssValueFilter
	- escaper.commit
	derived_symbols:
	- Template.Execute
	- Template.ExecuteTemplate
	summary: Improper sanitization of CSS values in html/template
	description: \|
	Angle brackets (<>) are not considered dangerous characters when inserted
	into CSS contexts. Templates containing multiple actions separated by a '/'
	character can result in unexpectedly closing the CSS context and allowing
	for injection of unexpected HTML, if executed with untrusted input.
	credits:
	- Juho Nurminen of Mattermost
	references:
	- report: https://go.dev/issue/59720
	- fix: https://go.dev/cl/491615
	- web: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
	cve_metadata:
	id: CVE-2023-24539
	cwe: 'CWE-74: Improper input validation'