CVE-2023-24540
Public on 2023-05-05
Modified on 2024-04-29
Description
html/template: improper handling of JavaScript whitespace.
Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Not all valid JavaScript whitespace characters were considered to be whitespace. Templates containing whitespace characters outside of the character set "\t\n\f\r\u0020\u2028\u2029" in JavaScript contexts that also contain actions may not be properly sanitized during execution.
Severity
CVSS v3 Base Score
See breakdown
Affected Packages
Platform | Package | Release Date | Advisory | Status |
---|---|---|---|---|
Amazon Linux 1 | amazon-ssm-agent | 2023-10-12 | ALAS-2023-1866 | Fixed |
Amazon Linux 2 - Core | amazon-ssm-agent | 2023-10-12 | ALAS2-2023-2303 | Fixed |
Amazon Linux 2 - Docker Extra | containerd | 2023-08-17 | ALAS2DOCKER-2023-029 | Fixed |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | containerd | 2023-08-03 | ALAS2NITRO-ENCLAVES-2023-026 | Fixed |
Amazon Linux 2 - Docker Extra | docker | 2023-10-18 | ALAS2DOCKER-2023-031 | Fixed |
Amazon Linux 2 - Ecs Extra | docker | 2023-10-31 | ALAS2ECS-2023-019 | Fixed |
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-030 | Fixed |
Amazon Linux 1 | golang | 2023-06-05 | ALAS-2023-1760 | Fixed |
Amazon Linux 1 | golang | 2023-09-27 | ALAS-2023-1848 | Fixed |
Amazon Linux 2 - Core | golang | 2023-07-20 | ALAS2-2023-2163 | Fixed |
Amazon Linux 2 - Golang1.19 Extra | golang | 2023-08-07 | ALAS2GOLANG1.19-2023-001 | Fixed |
Amazon Linux 2023 | golang | 2023-06-07 | ALAS2023-2023-209 | Fixed |
CVSS Scores
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv3 | 6.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
NVD | CVSSv3 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |