{"vulnerability": "CVE-2023-29400", "sightings": [{"uuid": "7d2ed518-76bd-4290-90c2-59afa0f487f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29400", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/2940", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-29400\n\ud83d\udd39 Description: Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.\n\ud83d\udccf Published: 2023-05-11T15:29:24.874Z\n\ud83d\udccf Modified: 2025-01-24T16:47:46.724Z\n\ud83d\udd17 References:\n1. https://go.dev/issue/59722\n2. https://go.dev/cl/491617\n3. https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU\n4. https://pkg.go.dev/vuln/GO-2023-1753", "creation_timestamp": "2025-01-24T17:04:54.000000Z"}, {"uuid": "6140a405-ea89-4b9b-ba8f-ee1771f4cdff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-29400", "type": "seen", "source": "https://t.me/cibsecurity/63899", "content": "\u203c CVE-2023-29400 \u203c\n\nTemplates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-05-11T20:15:26.000000Z"}]}