Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS0yd3JoLTZwdmMtMmptOc4AA1Aw

Moderate EPSS: 0.00097% (0.27526 Percentile) EPSS:
Permalink JSON

Improper rendering of text nodes in golang.org/x/net/html

Affected Packages Affected Versions Fixed Versions
go:golang.org/x/net
PURL: pkg:go/golang.org%2Fx%2Fnet
< 0.13.0 0.13.0
112,044 Dependent packages
276,704 Dependent repositories

Affected Version Ranges

All affected versions

v0.1.0, v0.2.0, v0.3.0, v0.4.0, v0.5.0, v0.6.0, v0.7.0, v0.8.0, v0.9.0, v0.10.0, v0.11.0, v0.12.0

All unaffected versions

v0.13.0, v0.14.0, v0.15.0, v0.16.0, v0.17.0, v0.18.0, v0.19.0, v0.20.0, v0.21.0, v0.22.0, v0.23.0, v0.24.0, v0.25.0, v0.26.0, v0.27.0, v0.28.0, v0.29.0, v0.30.0, v0.31.0, v0.32.0, v0.33.0, v0.34.0, v0.35.0, v0.36.0, v0.37.0, v0.38.0, v0.39.0, v0.40.0, v0.41.0, v0.42.0, v0.43.0, v0.44.0, v0.45.0, v0.46.0, v0.47.0

Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.

References:

Identifiers

GHSA-2wrh-6pvc-2jm9

CVE-2023-3978

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00097

EPSS Percentile: 0.27526

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Date and time

Published

over 2 years ago

Updated

2 days ago

API

JSON