Public on 2023-08-02
Modified on 2024-02-06
Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.
Medium severity
CVSS v3 Base Score
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 amazon-ssm-agent Not Affected
Amazon Linux 2 - Core amazon-ssm-agent 2023-10-12 ALAS2-2023-2303 Fixed
Amazon Linux 2023 amazon-ssm-agent 2023-09-27 ALAS2023-2023-373 Fixed
Amazon Linux 1 containerd Not Affected
Amazon Linux 2 - Docker Extra containerd 2024-02-01 ALAS2DOCKER-2024-037 Fixed
Amazon Linux 2 - Ecs Extra containerd 2024-03-04 ALAS2ECS-2024-035 Fixed
Amazon Linux 2 - Aws-nitro-enclaves-cli Extra containerd 2024-02-01 ALAS2NITRO-ENCLAVES-2024-037 Fixed
Amazon Linux 2 - Core cri-tools 2024-02-01 ALAS2-2024-2446 Fixed
Amazon Linux 1 docker Not Affected
Amazon Linux 1 ecs-init Not Affected
Amazon Linux 2 - Ecs Extra ecs-init 2024-01-03 ALAS2ECS-2024-031 Fixed
Amazon Linux 2023 ecs-init 2024-01-03 ALAS2023-2024-476 Fixed
Amazon Linux 1 golang Not Affected
Amazon Linux 1 golist Not Affected
Amazon Linux 2 - Core nerdctl 2023-11-09 ALAS2-2023-2339 Fixed
Amazon Linux 2023 nerdctl 2023-09-27 ALAS2023-2023-366 Fixed
Amazon Linux 1 runc Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N