blob: de76c09c5bdbbd9cd75638111861670ef81bd84c [file] [log] [blame]
id: GO-2023-1751
modules:
- module: std
versions:
- fixed: 1.19.9
- introduced: 1.20.0-0
- fixed: 1.20.4
vulnerable_at: 1.20.3
packages:
- package: html/template
symbols:
- cssValueFilter
- escaper.commit
derived_symbols:
- Template.Execute
- Template.ExecuteTemplate
summary: Improper sanitization of CSS values in html/template
description: |-
Angle brackets (<>) are not considered dangerous characters when inserted into
CSS contexts. Templates containing multiple actions separated by a '/' character
can result in unexpectedly closing the CSS context and allowing for injection of
unexpected HTML, if executed with untrusted input.
credits:
- Juho Nurminen of Mattermost
references:
- report: https://go.dev/issue/59720
- fix: https://go.dev/cl/491615
- web: https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU
cve_metadata:
id: CVE-2023-24539
cwe: 'CWE-74: Improper input validation'
review_status: REVIEWED