CVE-2023-24538

Public on 2023-04-06

Modified on 2024-04-29

Description

Templates did not properly consider backticks (`) as Javascript string delimiters, and as such did
not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template
contained a Go template action within a Javascript template literal, the contents of the action could
be used to terminate the literal, injecting arbitrary Javascript code into the Go template.

Severity

Medium

CVSS v3 Base Score

5.9

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory	Status
Amazon Linux 1	amazon-ssm-agent	2023-10-12	ALAS-2023-1866	Fixed
Amazon Linux 2 - Core	amazon-ssm-agent	2023-10-12	ALAS2-2023-2303	Fixed
Amazon Linux 2023	amazon-ssm-agent	2023-10-12	ALAS2023-2023-388	Fixed
Amazon Linux 2 - Docker Extra	containerd	2023-08-17	ALAS2DOCKER-2023-029	Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	containerd	2023-08-03	ALAS2NITRO-ENCLAVES-2023-026	Fixed
Amazon Linux 2 - Docker Extra	docker	2023-10-18	ALAS2DOCKER-2023-031	Fixed
Amazon Linux 2 - Ecs Extra	docker	2023-10-31	ALAS2ECS-2023-019	Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra	docker	2023-10-18	ALAS2NITRO-ENCLAVES-2023-030	Fixed
Amazon Linux 1	golang	2023-04-13	ALAS-2023-1731	Fixed
Amazon Linux 1	golang	2023-09-27	ALAS-2023-1848	Fixed
Amazon Linux 2 - Core	golang	2023-04-13	ALAS2-2023-2015	Fixed
Amazon Linux 2 - Core	golang	2023-07-20	ALAS2-2023-2163	Fixed
Amazon Linux 2 - Golang1.19 Extra	golang	2023-08-07	ALAS2GOLANG1.19-2023-001	Fixed
Amazon Linux 2023	golang	2023-04-27	ALAS2023-2023-175	Fixed

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
NVD	CVSSv3	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Red Hat: CVE-2023-24538 Mitre: CVE-2023-24538