CVE-2023-39318 - OpenCVE

The html/template package does not properly handle HTML-like "" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Golang	Go

Configuration 1 [-]

OR	cpe:2.3:a:golang:go::::::::
	cpe:2.3:a:golang:go::::::::

References

Link	Resource
https://go.dev/cl/526156	Patch
https://go.dev/issue/62196	Issue Tracking
https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ	Mailing List Release Notes
https://pkg.go.dev/vuln/GO-2023-2041	Vendor Advisory
https://security.gentoo.org/glsa/202311-09
https://security.netapp.com/advisory/ntap-20231020-0009/	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Go

Published: 2023-09-08T16:13:24.063Z

Updated: 2023-09-08T16:13:24.063Z

Reserved: 2023-07-27T17:05:55.186Z

Link: CVE-2023-39318

JSON object: View

NVD Information

Status : Modified

Published: 2023-09-08T17:15:27.823

Modified: 2023-11-25T11:15:17.430

Link: CVE-2023-39318

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "F1B13F8E-84CD-45E0-8DC5-FFF2A1E5E162", "versionEndExcluding": "1.20.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "958E1BA0-2840-47E9-A790-79C10164C68C", "versionEndExcluding": "1.21.1", "versionStartIncluding": "1.21.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in <script> contexts. This may cause the template parser to improperly interpret the contents of <script> contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack."}, {"lang": "es", "value": "El paquete html/template no maneja correctamente los tokens de comentario \"\" similares a HTML, ni los tokens de comentario hashbang \"#!\", en el contexto "}], "id": "CVE-2023-39318", "lastModified": "2023-11-25T11:15:17.430", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-09-08T17:15:27.823", "references": [{"source": "security@golang.org", "tags": ["Patch"], "url": "https://go.dev/cl/526156"}, {"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/issue/62196"}, {"source": "security@golang.org", "tags": ["Mailing List", "Release Notes"], "url": "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ"}, {"source": "security@golang.org", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-2041"}, {"source": "security@golang.org", "url": "https://security.gentoo.org/glsa/202311-09"}, {"source": "security@golang.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231020-0009/"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}